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FIRST AMENDED BRIEF OF APPELLANT 



MAIL STOP AF 
Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 



Sir: 

This First Amended Brief of Appellant is being filed in response to the Notification of Non- 
Compliant Appeal Brief (Form PTOL-462) mailed November 16, 2007. 
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The Notification of Non-Compliant Appeal Brief indicated that the claims appendix did not 
contain a "clean copy" of the appealed claims. By telephone conference held on December 3, 2007, 
between the undersigned attorney and Patent Appeal Center Specialist Timothy Cole, it was 
determined that the text of patent claims 215 and 251, as presented in the original Appeal Brief 
filed on October 29, 2007, still included strike-out deletion and underline insertion markings. 
Accordingly, in the present First Amended Appeal Brief, patent claims 215 and 251 have been 
revised to be in "clean" form. 

The Notification of Non-Compliant Appeal Brief also indicated that the original Appeal 
Brief filed on October 29, 2007 did not "contain copies of the evidence submitted." In this regard, 
the "Evidence Appendix" included in the original Appeal Brief filed on October 29, 2007, recites 
that copies of the patent references relied upon by the Examiner to reject the appealed claims, 
namely, U.S. Pat. No. 6,629,131 (Choi); U.S. Pat. No. 6,618,747 (Flynn), and U.S. Pat. No. 
5,748,738 (Bisbee) were attached to the original Appeal Brief. Nonetheless, during the telephone 
conference held on December 3, 2007, between the undersigned attorney and Patent Appeal Center 
Specialist Timothy Cole, Mr. Cole indicated that the original Appeal Brief filed on October 29, 
2007 did not have such copies attached. Accordingly, copies of these three patents are attached to 
this First Amended Appeal Brief immediately behind the Evidence Appendix, and just before the 
concluding Related Proceedings Appendix. 

This First Amended Appeal Brief is in support of the Notice of Appeal filed in the Patent 
Office by the above-identified Applicant/ Appellant on August 6, 2007, appealing the final rejection 
of the Examiner dated June 6, 2007, finally rejecting claims 184-189, 191-213, 215-229, 231-234, 
236-243, 248-255, 258-271, 279, 288-317, 327-340, and 346-348'. A check in payment of the fee 



' In partial response to the final Office Action mailed June 6, 2007, Applicant canceled claims 
155, 157-161, 163-1 82, 235, 244-247, 256-257, 272-278, 280-287, 3 1 8-326, and 341-345 by submitting 
an Amendment After Final Office Action, without prejudice to the presentation of such claims in a 
continuing application for fiuther prosecution, in order to place the present application in better form 
for purposes of appeal. The Examiner confirmed entry of such Amendment on September 6, 2007 via 
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of $250.00 for filing an Appeal Brief, as set forth in § 41 .20(b)(2) for a small entity, was already 
forwarded to the Patent Office with the original Appeal Brief filed on October 29, 2007. The 
Patent Office is hereby authorized to charge any additional fees required by this paper to Deposit 
Account No. 03-0088. 

This First Amended Appeal Brief sets forth the authorities and arguments on which 
Appellant relies to maintain this appeal. A Claims Appendix, setting forth the text of the claims 
involved in this appeal, is attached hereto. Also attached are appendices for evidence and related 
proceedings. 

1. Real Party In Interest . 

The real party in interest is the applicant/inventor, namely, Reuben Bahar of West Hills, 
California. The claimed invention has not been assigned or licensed. 

2. Related Appeals and Intereferences . 

None. 



3. Status of Claims . 

None of the pending claims are allowed or objected to. All of claims 1-348 are either: 1) 
rejected and being appealed; or 2) canceled, in accordance with the listing below: 



an Advisory Office Action. While preparing the original Appeal Brief, Applicant realized that 
dependent claims 288-317 should also have been canceled, as they depend from canceled claims; 
accordingly, on October 23, 2007, Applicant filed (via facsimile) a Supplemental Amendment After 
Final Office Action canceling dependent claims 288-3 17. 
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Claims 


Status 


1-183 


Canceled. 


184-189 


Rejected and being appealed. 


190. 


Canceled. 


191-213 


Rejected and being appealed. 


214 


Canceled. 


215-229 


Rejected and being appealed. 


230 


Canceled. 


231-234 


Rejected and being appealed. 


235 


Canceled. 


236-243 


Rejected and being appealed. 


244-247 


Canceled. 


248-255 


Rejected and being appealed. 


256-257 


Canceled. 


258-271 


Rejected and being appealed. 


272-278 


Canceled. 


279 


Rejected and being appealed. 


280-326 


Canceled. 


327-340 


Rejected and being appealed. 


341-345 


Canceled. 


346-348 


Rejected and being appealed. 



Status of Amendments 
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On July 30, 2007, Applicant filed an Amendment After Final Office Action. The entry of 
the aforementioned amendment (which merely canceled additional claims) was confirmed by the 
Examiner within an Advisory Office Action mailed on September 6, 2007. 

While preparing the original Appeal Brief filed on October 29, 2007, Applicant realized that 
dependent claims 288-317 should also have been canceled, since they all depend, directly or 
indirectly, fi"om canceled claims (either canceled claim 287 or canceled claim 272). Accordingly, 
on October 23, 2007, Applicant filed (via facsimile) a Supplemental Amendment After Final Office 
Action canceling dependent claims 288-317, without prejudice to the presentation of such claims in 
a continuation patent application. It is not yet known whether the Examiner will enter such 
Supplemental Amendment, though entry of such Supplemental Amendment would appear to be 
proper pursuant to 37 C.F.R. §41 .33(a). Accordingly, the Claims Appendix to this First Amended 
Appeal Brief indicates that dependent claims 288-3 17 have been canceled. 

5. Summary of Claimed Subject Matter. 

Applicant has set forth below a concise explanation of the subject matter defined in each of 
the independent claims (236, 248, 252, 258, 260, 264, and 268) involved in the appeal, including 
references to the specification by page and line number, and to the drawings by reference 
characters, where appropriate. 

Claim 236: 

Claim 236 recites a method for verifying whether an e-mail message 12 sent by a sending 
party 10 was accessed by an intended recipient 20. In practicing such method, an e-mail message 
12 is transmitted from a sender computer 1 1 to an intended recipient 20 over a communications 
network 13 (see spec. p. 12, lines 3-13, and p. 13, lines 16-18). E-mail message 12 is delivered to a 
designated recipient e-mail address. The recited method includes the step of detecting an access 
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event (see spec. p. 17, line 20 through p. 18, line 2; and see items 18 and 25 in Fig. 1), and prompts 
the accessing party 20 to input recipient data (see spec. p. 27, lines 6-23) before allowing the access 
to such email message by the accessing party 20; the aforementioned recipient data includes 
identifying data related to the accessing party 20. The method of claim 236 also sends recipient 
data back to sending party 10 for confirming proper delivery of e-mail message 12 (see spec. p. 23, 
lines 3-14, and p. 31, lines 11-15). 

Claim 248: 

Claim 248 recites a system for verifying whether an e-mail message 12 sent by a sending 
party 10 was accessed by an intended recipient. The system of claim 248 includes a sender 
computer 1 1 connected to a commxmications network 13 and from which e-mail message 12 is 
transmitted (see spec. p. 13, lines 16-18, and p. 14, lines 12-13). The system of claim 248 also 
includes a recipient computer 14/21 connected to commimications network 13 (see items 14 and 21 
in Fig. 1, and see spec. p. 14, line 24 through p. 15, line 14, and p. 16, line 24 through p. 17, line 9); 
the recipient computer 14/21 is capable of receiving e-mail message 12 and includes data storage 
17/24 for storing received e-mail message 12 (see items 17 and 24 in Fig. 1, and see spec. p. 17, 
lines 10-19). 

The system of claim 248 also includes sofhvare (e.g., executable attachment file 12' in Fig. 
1) that is capable of detecting an access event (see spec. p. 17, line 20 through p. 18, line 2); upon 
detecting such access event, this software 12' prompts accessing party 20 to input recipient data 
before allowing access to e-mail message 12 (see spec. p. 27, lines 6-23). The recipient data 
inputed by accessing party 20 includes identifying data which identifies the accessing party 20 (e.g., 
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see spec. p. 27, lines 13-17, and p. 29, lines 14-23) . The system of claim 248 also includes 
"means" (e.g., software) for sending recipient data back to sending party 10 for confirming proper 
delivery of e-mail message 12 (see item 28 in Fig. 1; items 44 and 45 in Fig. 2, and see Figs. 3 and 
4; also see, for example, spec. p. 19, lines 1-11). 

Claim 252: 

Claim 252 recites a system for verifying whether an e-mail message sent by a sending party 
10 was accessed by an intended recipient. The system of claim 252 includes a sender computer 1 1 
connected to a commimications network 13 and from which e-mail message 12 is transmitted (see 
spec. p. 13, lines 16-18, and p. 14, lines 12-13). The system of claim 252 also includes a recipient 
computer 14/21 connected to communications network 13 (see items 14 and 21 in Fig. 1, and see 
spec. p. 14, line 24 through p. 15, line 14, and p. 16, line 24 through p. 17, line 9); the recipient 
computer 14/21 is capable of receiving e-mail message 12 and includes data storage 17/24 for 
storing received e-mail message 12 (see items 17 and 24 in Fig. 1, and see spec. p. 17, lines 10-19). 

The system of claim 252 further includes a "means" for recognizing biometric attributes of 
an individual (see spec. p. 29, line 14 through p. 30, line 23). 

The system of claim 252 also includes software capable of detecting an access event (see 
spec. p. 17, line 20, through p. 18, line 2) and identifying an individual through utilization of 
inputted biometric attributes of said individual (see spec. p. 29, line 14 through p. 30, line 23). 

Lastly, the system of claim 252 includes "means" (e.g., software) for sending data that 
identifies the accessing party back to sending party 10 for confirming proper delivery of the e-mail 
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message 12 (see item 28 in Fig. 1; items 44 and 45 in Fig. 2, and see Figs. 3 and 4; also see, for 
example, spec. p. 19, lines 1-11). 

Claim 258: 

Claim 258 recites a method for verifying whether an e-mail message 12 sent by a sending 
party 10 was accessed by an intended recipient 20. In practicing such method, an e-mail message 
12 is transmitted from a sender computer 1 1 to an intended recipient 20 over a communications 
network 13 (see spec. p. 12, lines 3-13, and p. 13, lines 16-18), and is delivered to an e-mail 
address. The recited method includes the step of detecting an access event (see spec. p. 17, line 20 
through p. 18, line 2; and see items 18 and 25 in Fig. 1), and prompts the accessing party 20 to 
input recipient data (see spec. p. 27, lines 6-23) before allowing the access to such email message 
by the accessing party 20; the aforementioned recipient data includes identifying data associated 
with the accessing party 20. The method of claim 258 also sends recipient data back to sending 
party 10 for confirming proper delivery of the e-mail message 12 (see spec. p. 23, lines 3-14, and p. 
31, lines 11-15). 

Claim 260: 

Claim 260 recites a method for verifying whether an e-mail message 12 sent by a sending 
party 10 was accessed by an intended recipient 20. In practicing such method, an e-mail message 
12 is transmitted from a sender computer 1 1 to an intended recipient 20 over a communications 
network 13 (see spec. p. 12, lines 3-13, and p. 13, lines 16-18), and is delivered to a recipient e- 
mail address. The recited method includes the step of detecting an access event (see spec. p. 17, 
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line 20 through p. 18, line 2; and see items 18 and 25 in Fig. 1). The method of claim 260 includes 
the fiirther step of acquiring recipient data, wherein such recipient data is related to biometric 
identification of the accessing party 20 (see spec. p. 29, line 14 through p. 30, line 23). 

The method of claim 260 also sends recipient data back to sending party 10 for confirming 
proper delivery of the e-mail message 12 (see spec. p. 23, lines 3-14, and p. 31, lines 11-15). 

Claim 264: 

Claim 264 recites a method for verifying whether an e-mail message 12 sent by a sending 
party 10 was accessed by an intended recipient 20. In practicing such method, an e-mail message 
12 is transmitted from a sender computer 1 1 to an intended recipient 20 over a communications 
network 13 (see spec. p. 12, lines 3-13, and p. 13, lines 16-18). E-mail message 12 is delivered to 
an e-mail address. The method of claim 264 includes the step of utilizing biometric identification 
information to identify a recipient requesting access to the email message (see spec. p. 29, line 14 
through p. 30, line 23). 

The method of claim 264 further includes the step of detecting an access event (see spec. p. 
17, line 20 through p. 18, line 2; and see items 18 and 25 in Fig. 1). The method of claim 264 also 
sends recipient identification data back to sending party 10 for confirming proper delivery of the e- 
mail message 12 (see spec. p. 23, lines 3-14, and p. 31, lines 1 1-15). 

Claim 268: 

Claim 268 recites a method for verifying whether an e-mail message 12 sent by a sending 
party 10 was accessed by an intended recipient 20. In practicing such method, an e-mail message 
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12 is transmitted from a sender computer 1 1 to an intended recipient 20 over a communications 
network 13 (see spec. p. 12, lines 3-13, and p. 13, lines 16-18), and is delivered to an e-mail 
address. The method of claim 268 includes the further step of identifying a recipient requesting 
access to e-mail message 12 using biometric identification information associated with such 
recipient (see spec. p. 29, line 14 through p. 30, line 23). 

The method of claim 268 further includes the step of detecting an access event (see spec. p. 
17, line 20 through p. 18, line 2; and see items 18 and 25 in Fig. 1). The method of claim 268 also 
sends recipient identification data back to sending party 10 for confirming proper delivery of the e- 
mail message 12 (see spec. p. 23, lines 3-14, and p. 31, lines 11-15). 

6. Grounds of Rejection to be Reviewed on Appeal; 

a. Did the Patent Examiner error in rejecting claims 184-189, 191-213, 215-229, 231-234, 
236-243, 248-255, 258-271, 279, 327-340, and 346-348, as describing subject matter that would 
have been obvious to those skilled in the art under 35 U.S.C. Section 103(a) based upon Choi (U.S. 
Pat. No. 6,629,131), Flynn (U.S. Pat. No. 6,618,747), and Bisbee (U.S. Pat. No. 5,748,738)? 

7. Ar gument . 

A. The Cited Prior Art. 

Choi (U.S. Patent No. 6.629. OH: 

The cited '131 patent to Choi describes a method for confirming receipt of an email 
message. Choi's method assigns a unique code to an e-mail message sent by a sender, and records 
the imique code in a database. This unique code is generated at the sender's end of the 
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transmission and is attached to the e-mail message as a "CGI executive program". Upon access of 
the email message by the recipient, Choi's method sends the unique code that was attached to the 
message back to the web server of the sender; this step is performed by the automatic execution of 
the attached "CGI executive program" executed at the receiver's end when the e-mail message is 
received by the receiver. A comparison is made of the unique code received from the CGI 
executive program and the unique code previously recorded when the sender first sent the email 
message. If the two codes are identical, then confirmation information is sent to the sender 
indicating that the email message has been accessed. 
Flvnn gj.S. Patent No. 6.618.747): 

The cited '747 patent to Flynn discloses a system wherein an intended recipient is notified 
that an email message has been posted at a third party web host for such recipient. Notification of 
the existence of the posted e-mail is communicated by the third party web host which sends an e- 
mail message informing the recipient that an e-mail message is waiting for the recipient at a 
specified third party web host URL. Included in this e-mail message is the third party URL address 
where the posted message is located. If the intended recipient accesses the message, a confirmation 
notice is sent to the sender to confirm that the message was downloaded. Flynn describes the URL 
address at which the posted e-mail message is posted on the third party web host as a "imique call 
address" (assigned by Flynn' s Web Server 24) that provides access to an e-mail message stored at 
such unique call address on the third party Web server. When the email message is downloaded by 
the requesting party, Flynn's system sends a confirmation of receipt notice that includes the address 
to which the email was downloaded, the time it was downloaded, and optionally, a compressed 
copy of the original message. 
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Bisbee fU.S. Pat. No. 5.748.738): 

The cited patent to Bisbee discloses a system for verifying the authenticity of the creator of 
an electronic document. An authentication center provides third party verification that a document 
is being transmitted by the originator of the document. Bisbee mentions the use by the 
Certification Authority of personal identification information, such as biometric information (e.g., 
retina-, finger-, and voice-prints), to identify the document originator. 

B. The Examiner's Rejections; 

Within the final Office Action mailed June 6, 2007, the Patent Examiner finally rejected 
claims 184-189, 191-213, 215-229, 231-234, 236-243, 248-255, 258-271, 279, 327-340, and 346- 
348 under Section 103(a). The Examiner rejected such claims as describing subject matter 
considered to be unpatentable over Choi (U.S. Pat. No. 6,629,131), Flynn (U.S. Pat. No. 
6,618,747), and Bisbee (U.S. Pat. No. 5,748,738). 

C. The Cited Patents Do Not Render Obvious the Appealed Claims: 

Claim 236: 

Claim 236 sets forth a method for verifying whether an e-mail sent by a sending party was 
accessed by an intended recipient. The recited method includes the step of "detecting an access 
event, and prompting the party associated with said access event to input recipient data prior to 
allowing the requested access". Moreover, claim 236 states that the "recipient data" (which the 
recipient must input before being allowed to access the e-mail message) includes "identifying data 
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related to the party associated with said requested access". Claim 236 further recites that such 

"recipient data" is then sent to confirm proper delivery of the e-mail message. 

The Patent Examiner rejected claim 236 within paragraph 4 on page 2 of the final Office 

Action mailed June 6. 2007. Within such paragraph 4, the Patent Examiner stated the following: 

"4. As per claims .... 236, .... Choi disclosed a method for verifying whether an e-mail sent 
by a sending party was accessed by an intended recipient, said method comprising a) storing 
recipient data pertaining to an actual recipient of e-mail in a data file, said stored data file 
containing identifying data that identifies actual e-mail recipient and further being 
associated with actual recipient's email address (col. 1, lines 36-53); b) transmitting an e- 
mail from a send computer to an intended recipient, the sender computer being connected to 
a communications network; c) delivering said e-mail to a recipient e-mail address (col. 2, 
lines 59-67). However, Choi did not explicitly disclose d) detecting an access event, and 
discovering stored data file that is associated with said actual recipient's e-mail address and 
(e) sending identifying data contained in said discovered data file for confirmmg proper 
delivery of said e-mail." 

Within the Examiner's above-quoted remarks, the Examiner did not address the requirement in 

claim 236 for the step of "detecting an access event, and prompting the party associated with said 

access event to input recipient data prior to allowing the requested access". Neither Choi nor 

Flynn discloses or suggests this aspect of applicant's invention. 

The only portion of the final Office Action in which the Examiner addressed the 

requirement in claim 236 for "detecting an access event, and prompting the party associated with 

said access event to input recipient data prior to allowing the requested access" is in paragraph 17 

on page 7 of the final Office Action, hi paragraph 17 of the final Office Action, the Patent 

Examiner stated the following: 
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"17. Applicant argued that neither Flynn nor Choi, disclose or suggest prompting a 
party requesting to access an e-mail to enter recipient data after detecting an access event. 

As to applicant's argument examiner introduced Bisbee, which prompts the user to 
enter its recipient data (I.E. biometric, password information) to access the event (checking 
the e-mail message). Please see rejection on line 4 / sic paragraph 4 ? ] of this office 
action." 

As will be shovra below, the Patent Examiner's contention that Bisbee prompts a user to enter 
recipient data in order to access an e-mail message is incorrect, and unsupported by the Bisbee 
disclosure. 

The Background section of Bisbee (set forth in columns 1 and 2 of the Bisbee patent) is 
concemed with the problem of document alteration/document forgery. Later, (in col. 6), Bisbee 
talks about preventing the originator from denying the authenticity of the document. These remarks 
relate to the identity of the originator of the document, and not to an individual seeking access to 
such docimient. 

Bisbee proposes that the true identity of the document originator can be verified by use of a 

"Token", as Bisbee explains at col. 4, lines 35-49, as follows: 

" As described below, the public/private key is advantageously delivered in the form 
of a Token such as an electronic circuit card conforming to the standards of the PC Memory 
Card Interface Association (a PCMCIA card or PC Card) for use in the originator's 
computer . In general a Token is a portable transfer device that is used for transporting 
keys, or parts of keys. It will be understood that PC Cards are just one form of delivery 
mechanism for public/private keys for Applicant's DAS; other kinds of Tokens may also be 
used, such as floppy diskettes and Smart Cards. To ensure reliable delivery a service such 
as the bonded courier services commonly used to ferry securities between parties could be 
used to deliver the media to the document originator ." (Emphasis added) 
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At col. 4, line 61, through col. 5, line 4, the Bisbee specification states the following: 

" In an additional aspect of Applicant's invention, the public/private key is only 
effective when it is used in conjunction with a certificate and personal identification 
information such as the recipient's biometric information (e.g., retina-, finger-, and voice- 
prints) or a personal identification number (PIN) that is assigned to the recipient of the card 
by the Certification Authority and that may be delivered separate from the originator's card. 
Any subsequent transmitter of the document who is required to digitally sign or encrypt the 
document would similarly be provided with a respective card and personal identification 
information." 

Within the text quoted immediately above, Bisbee uses the word "recipient" to mean the recipient 
of the Token "for use in the originator's computer" (see col. 4, lines 35-49, which describe delivery 
of the Token to the "document originator"). See also col. 4, line 60 (".. the reliable delivery of the 
Token to the authorized recipient."). 

Thus, when Bisbee speaks of "personal identification information such as the recipient's 
biometric information (e.g., retina-, finger-, and voice-prints) or a personal identification number 
(PIN) that is assigned to the recipient of the card by the Certification Authority", Bisbee is 
referring to the "recipient" of the Token and/or PC Card (i.e., the document transmitter/originator), 
and not the intended recipient of the document requiring authentication. Indeed, the only portion of 
the Bisbee specification that actually discusses the issue of who has the right to access a document 
is in col. 10, lines 17-22; that portion of Bisbee is very vague, and it certainly does not disclose or 
suggest the step of prompting the accessing party to input recipient data after detecting an access 
event, and prior to allowing the requested access. 

Accordingly, the Examiner's rejection of claim 236 is not supported by the cited references 
and should be reversed. 
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Claim 248: 

Claim 248 recites a system for verifying whether e-mail sent by a sending party was 
accessed by an intended recipient, wherein such system includes, among other things, a recipient 
computer connected to a communications network and being capable of receiving and storing a 
transmitted e-mail message, and software capable of detecting an access event, "... said software 
prompts the party associated with said access event to input recipient data prior to allowing the 
requested access". 

Once again, the Patent Examiner's rejection of claim 248 is set forth in paragraph 4 of the 
final Office Action, but such paragraph 4 fails to address the requirement within claim 248 for 
software capable of detecting an access event and thereafter prompting the accessing party to input 
recipient data prior to allowing the requested access. 

In addition, for the reasons explained above relative to claim 236, the Examiner's remarks 
in paragraph 17 of the final Office Action, bzised upon Bisbee, fail to demonstrate that Bisbee 
teaches or suggests software capable of detecting an access event and thereafter prompting the 
accessing party to input recipient data prior to allowing the requested access. 

Accordingly, the Examiner's rejection of claim 248 is not supported by the cited references 
and should be reversed. 

Claim 252: 

Claim 252 recites a system for verifying whether e-mail sent by a sending party was 
accessed by an intended recipient, the system including, among other things, a recipient computer 
connected to a communications network and being capable of receiving and storing a transmitted e- 
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mail message; "biometric identification means" for recognizing biometric attributes of an 
individual; software capable of detecting an access event and identifying an individual through 
utilization of inputted biometric attributes of said individual; and " means" for sending data that 
identifies said individual for confirming proper delivery of said e-mail. 

The Examiner sets forth the basis of the rejection of claim 252 in paragraph 4 of the final 
Office Action. While the Examiner concedes that neither Choi nor Flynn explicitly disclose 
detecting an individual by utilizing inputted biometric attributes of an individual, the Examiner 
contends that "Bisbee disclosed detecting an individual through utilization of inputted biometric 
attributes of said individual (col. 1, lines 37-51 & col. 4, lines 36-67)." The Examiner concludes 
that "it would have been obvious ... to have incorporated detecting an accessing individual through 
utilization of biometric attributes as disclosed by Bisbee ... ". 

However, the Examiner's arguments are not supported by the Bisbee reference. The portion 
of Bisbee's specification noted by the Examiner in col. 1 (lines 37-51) are directed to the problem 
of authenticating the "transferor" and/or "document's originator". Likewise, as applicant has 
explained above, the portion of Bisbee's specification appearing in col. 4, lines 36-67, is directed to 
authenticating the document's originator, and not a subsequent recipient of the document. 

Accordingly, the Examiner's proposed combination of Bisbee with Choi and Flynn 
nonetheless fails to provide, or suggest, the invention recited in claim 252. 

Claim 258: 

Claim 258 recites a method for verifying whether an e-mail sent by a sending party was 
accessed by an intended recipient. The preamble and steps a) and d) of claim 258 are identical to 
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method claim 236 discussed above. Step b) of claim 258 differs from step b) of claim 236 only in 
that claim 258 is less specific about where the email message is delivered ["delivering said e-mail 
to an e-mail address" (claim 258) versus "delivering said e-mail to a recipient e-mail address" 
(claim 236)]. 



The differences between step c) of claim 258 and step c) recited in claim 236 are 
highlighted in the table below: 



Claim 258 


Claim 236 


c) detecting an access event, and 
prompting the party 
that requested said access 
to input recipient data prior to allowing the 
requested access, said recipient data including 
identifying data 

that is associated with the party that 
requested said access; and 


c) detecting an access event, and 
prompting the party 
associated with said access event 
to input recipient data prior to allowing the 
requested access, said recipient data including 
identifying data 

related to the party associated with said 
requested access; and 



The Examiner's asserted basis for rejecting claim 258 is identical to the Examiner's asserted basis 
for rejecting claim 236 already discussed above. Applicant's remarks, set forth above and directed 
to rejected claim 236, apply with equal force relative to the rejection of claim 258. The Patent 
Examiner's contention that Bisbee prompts a user to enter recipient data in order to access an e- 
mail message is incorrect, and the rejection of claim 258 should be reversed. 
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Claim 260: 

Claim 260 recites a method for verifying whether e-mail sent by a sending party was 
accessed by an intended recipient, and includes, inter alia, the steps of detecting an access event; 
acquiring recipient data that is related to biometric identification of the recipient; and sending 
recipient data for confirming proper delivery of said e-mail. The Examiner's rejection of claim 260 
is set forth in paragraph 4 of the final Office Action. On page 3 of the final Office Action, the 
Examiner concedes that the cited patents to Flyim and Choi fail to disclose detecting the identity of 
an individual through utilization of inputted biometric attributes of said individual. The Examiner 
contends that it would have been obvious to those skilled in the art to apply Bisbee's teachings 
regarding biometric attributes to identify the party who received an email message. 

As noted above, Bisbee's discussion of "personal identification information such as the 
recipient's biometric information (e.g., retina-, finger-, and voice-prints) ..." refers to the party who 
originates and/or transmits a document, who is a "recipient" of the Token and/or PC Card used to 
authenticate the sender of the document. Bisbee never states or suggests that biometric 
information might be used to identify a party receiving such document. 

Accordingly, the Examiner's proposed combination of Bisbee with Choi and Flyrm fails to 
render obvious the subject matter recited in claim 260, and the Examiner's rejection should 
therefore be reversed. 

Claim 264: 

Claim 264 recites a method for verifying whether e-mail sent by a sending party was 
accessed by an intended recipient, including, among others, the steps of identifying a recipient 
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utilizing biometric identification; detecting an access event; and sending data that identifies said 
recipient for confirming proper delivery of said e-mail. The Examiner's rejection of claim 264 is 
set forth in paragraph 4 of the final Office Action. 

As noted in regard to claim 260, the Examiner has conceded (see page 3 of the final Office 
Action) that the cited patents to Flynn and Choi fail to disclose detecting the identity of an 
individual through utilization of inputted biometric attributes of said individual. Nonetheless, the 
Examiner contends that it would have been obvious to those skilled in the art, based upon Bisbee, 
to utilize biometric attributes to identify the party who received an email message. 

The applicant has already pointed out that Bisbee' s disclosure teaches the use of biometric 
information only to identify the originator/sender of a document, and that Bisbee's disclosure fails 
to disclose or suggest the use of biometric information to identify a party receiving a document. 
Therefore, the Examiner's proposed combination of Bisbee Mdth Choi and Flynn does not suggest 
the subject matter recited in claim 264, and the Examiner's rejection should accordingly be 
reversed. 
Claim 268: 

Claim 268 recites a method for verifying whether an e-mail sent by a sending party was 
accessed by an intended recipient. The preamble and steps a), b), d) and e) of claim 268 are 
identical to method claim 264 discussed above. The differences between step c) of claim 268 and 
step c) recited in claim 264 are highlighted in the table below: 
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Claim 268 


Claim 264 


c) identifying a recipient 
in association with 
biometric identification; 


c) identifying a recipient 
utilizing 

biometric identification; 



Notwithstanding the differences in the wording of step c) as between claims 268 and 264, the cited 
Bisbee patent does not make use of any biometric information to identify the recipient of a 
document . Thus, the rejection of claim 268 should be reversed for essentially the same reasons as 
explained above in regard to independent claims 260 and 264. 



8. Conclusion: 

Accordingly, Appellant submits that the appealed independent claims 236, 248, 252, 258, 
260, 264, and 268, and those appealed claims dependent therefrom, define subject matter that is 
patentably distinguishable over the applied prior art, and requests the Board to reverse the rejection 
of appealed claims 184-189, 191-213, 215-229, 231-234, 236-243, 248-255, 258-271, 279, 327- 
340, and 346-348. 

Respectfully submitted, 

CAHILL, VON HELLENS & GLAZER P.L.C. 




Registration No. 28,801 

155 Park One 

2141 East Highland Avenue 
Phoenix, Arizona 85016 
Ph. (602) 956-7000 
Fax (602) 495-9475 
Docket No. 6589-A-7 
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CLAIMS APPENDIX rClaims Involved In The App eal) 

1.-183. Canceled. 

1 84. The method as recited in claim 258 wherein said step of sending recipient data for 
confirming proper delivery of said e-mail includes the steps of: 

a) generating a confirmation of receipt notice wherein the inputted recipient data is included with 
said confirmation of receipt notice; and 

b) sending said confirmation of receipt notice, wherein the inputted recipient data included with 
said confirmation of receipt notice can be compared to information associated with said intended 
recipient in order to verify whether the e-mail was accessed by the intended recipient. 

1 85. The method as in claim 236, wherein said access event comprises access of said e-mail 
that was delivered to said recipient e-mail address. 

1 86. The method as in claim 236, wherein said access event comprises access of an e-mail 
account associated with said recipient e-mail address. 

1 87. The method as in claim 236, wherein said access event comprises activation of an e-mail 
processing software associated with said recipient e-mail address. 

1 88. The method as in claim 236, wherein the step of transmitting an e-mail from a sender 
computer includes attaching an executable attachment file in conjunction with the e-mail, the 
executable attachment file having a first module for prompting the party who requested said access 
event to enter recipient data; and 
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and wherein the step of detecting an access event includes the step of executing the first 
module of the executable attachment file. 

1 89. The method as in claim 1 88, wherein the executable attachment file has a second module 
transmitted and delivered therewith, the second module for detecting the access event, and further 
comprising the step of automatically executing the second module upon delivery of the attachment 
file to the recipient e-mail address. 

190. Canceled. 

191. The method as in claim 236, wherein said recipient e-mail address is associated with a 
recipient computer. 

1 92. The method as in claim 191, wherein said recipient computer is a server of a service 
provider. 

1 93 . The method as in claim 191, wherein said recipient computer is a user system that is 
directly accessible by a recipient, said user system including electronic mail processing software. 

194. The method as in claim 236 , wherein said inputted recipient data pertains to 
alphanumeric text identification, biometric identification, password identification, a computer 
generated user code, or a combination thereof. 

195. The method as in claim 236, wherein said inputted recipient data comprises identity 
information that identifies an individual. 
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196. The method as in claim 195, wherein said identity information pertains to biometric 
identification. 

197. The method as in claim 196 further comprising the step of recognizing biometric 
attributes of an individual. 

198. The method as in claim 195, wherein said identity information includes alphanumeric 
text identification information. 

199. The method as in claim 236 , wherein said inputted recipient data comprises information 
that identifies a business. 

200. The method as in claim 236, wherein said inputted recipient data comprises information 
that identifies an organization. 

201 . The method as in claim 236 , wherein said inputted recipient data comprises a computer 
generated user code. 

202. The method as in claim 236 further including the step of sending access event data of 
attendant conditions of said access event. 

203. The method as in claim 236 , wherein said recipient is an individual. 

204. The method as in claim 236, wherein said recipient is a business. 

205. The method as in claim 236, wherein said recipient is an organization. 
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206. The method as in claim 236, wherein said inputted recipient data is used to verify proper 
delivery of legal documents. 

207. The method as in claim 236, wherein said inputted recipient data is used to verify 
proper delivery of confidential documents. 

208. The method recited by claim 260 wherein said step of sending recipient data for 
confirming proper delivery of said e-mail includes the steps of: 

a) generating a confirmation of receipt notice wherein the acquired recipient data is 
included with said confirmation of receipt notice; and 

b) sending said confirmation of receipt notice, wherein the acquired recipient data 
contained with said confirmation of receipt notice can be compared to information associated with 
said intended recipient in order to verify whether the email was accessed by the intended recipient. 

209. The method as in claim 260, wherein said access event comprises access of said e-mail 
that was delivered to said recipient e-mail address. 

2 1 0. The method as in claim 260, wherein said access event comprises access of an e-mail 
accoimt associated with said recipient e-mail address. 

211. The method as in claim 260, wherein said access event comprises activation of e-mail 
processing software associated with said recipient e-mail address. 

212. The method as in claim 260, wherein the step of transmitting an e-mail from a sender 
computer includes attaching an executable attachment file in conjimction with the e-mail, the 
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executable attachment file having a first module for acquiring recipient data that is related to 
biometric identification of the recipient, and 

wherein the step of detecting an access event includes the step of executing the first module 
of the executable attachment file. 

213. The method as in claim 212, wherein the executable attachment file has a second module 
transmitted and delivered therewith, the second module for detecting the access event, and fiirther 
comprising the step of: 

automatically executing the second module upon delivery of the attachment file to the 
recipient e-mail address. 

214. Canceled. 

215. The method as in claim 260, wherein said recipient e-mail address is associated with 
a recipient computer. 

216. The method as in claim 215, wherein said recipient computer is a server of a service 
provider that is capable of receiving e-mail. 

217. The method as in claim 215, wherein said recipient computer is a user system that is 
directly accessible by the recipient, said user system including electronic mail processing software 
and being capable of receiving e-mail. 

218. The method as in claim 260, wherein said acquired recipient data is related to a 
biometric imprint, alphanumeric text identification, password identification, a computer generated 
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user code, or a combination thereof. 

219. The method as in claim 260, wherein said acquired recipient data comprises identity 
information that identifies an individual. 

220. The method as in claim 260 fiirther comprising means for recognizing biometric 
attributes of an individual. 

221. The method as in claim 260, wherein said acquired recipient data comprises 
information that identifies a business. 

222. The method as in claim 260, wherein said acquired recipient data comprises 
information that identifies an organization. 

223. The method as in claim 260, wherein said acquired recipient data comprises a 
computer generated user code. 

224. The method as in claim 260 further including the step of sending access event data 
of conditions attendant said access event. 

225. The method as in claim 260, wherein said recipient is an individual. 

226. The method as in claim 260, wherein said recipient is a business. 

227. The method as in claim 260, wherein said recipient is an organization. 
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228. The method as in claim 260, wherein said sent recipient data is used to verify proper 
delivery of legal documents. 

229. The method as in claim 260, wherein said sent recipient data is used to verify proper 
delivery of confidential documents. 

230. Canceled. 

23 1 . The method as in claim 260, wherein said recipient data is acquired as a requisite 
condition for permitting access to said delivered e-mail. 

232. The method as in claim 260, wherein said recipient data is acquired as a requisite 
condition for permitting access to said recipient e-mail address. 

233. The method as in claim 260, wherein said recipient data is acquired as a requisite 
condition for operating a remote user computer, said remote user computer being operable to gain 
access to said recipient e-mail address. 

234. The method as in claim 260, wherein said recipient data is comprised of 
alphanumeric text, said alphanumeric text being associated with the at least one biometric attribute 
of said recipient. 

235. Canceled. 

236. A method for verifying whether an e-mail sent by a sending party was accessed by 
an intended recipient, said method comprising: 
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a) transmitting an e-mail from a sender computer to an intended recipient, the sender 
computer being connected to a communications network; 

b) delivering said e-mail to a recipient e-mail address; 

c) detecting an access event, and prompting the party associated with said access event to 
input recipient data prior to allowing the requested access, said recipient data including identifying 
data related to the party associated with said requested access; and 

d) sending recipient data for confirming proper delivery of said e-mail. 

237. The method recited by claim 264 wherein the step of sending data that identifies said 
recipient for confirming proper delivery of said e-mail includes the steps of : 

a) generating a confirmation of receipt notice wherein the data that identifies the recipient 
is included with said confirmation of receipt notice; and 

b) sending said confirmation of receipt notice, wherein the data that identifies the recipient 
that is included with said confirmation of receipt notice can be compared to information associated 
with said intended recipient in order to verify whether the email was accessed by the intended 
recipient. 

238. The method as in claim 264, wherein said data that identifies said recipient is related 
to a biometric imprint, alphanumeric text identification, password identification, a computer 
generated user code, or a combination thereof 

239. The method as in claim 264, wherein the data that identifies said recipient is 
comprised of alphanvimeric text, said alphanumeric text being associated with tfie at least one 
biometric attribute of said recipient. 
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240. The method as in claim 264 further including the step of recognizing biometric 
attributes of an individual. 

241 . The method as in claim 264, wherein said data that identifies said recipient 
comprises identity information that identifies an individual. 

242. The method as in claim 264, wherein said data that identifies said recipient 
comprises information that identifies a business. 

243. The method as in claim 264, wherein said data that identifies said recipient 
comprises information that identifies an organization. 

244. - 247. Canceled. 

248. A system for verifying whether e-maii sent by a sending party was accessed by an 

intended recipient, said system comprising: 

a) a sender computer cormected to a commimications network and fi-om which an e- 
mail is transmitted; 

b) a recipient computer connected to said communications network, said recipient 
computer capable of receiving said transmitted e-mail and further having data storage means for 
storing said received e-mail; 

c) software capable of detecting an access event, wherein, upon detecting said access 
event, said software prompts the party associated with said access event to input recipient data prior 
to allowing the requested access, said recipient data comprising identifying data related to the party 
associated with said requested access; and 

d) means for sending recipient data for confirming proper delivery of said e-mail. 
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249. The system as in claim 248, wherein said access event comprises access of a delivered e- 
mail. 

250. The system as in claim 248, wherein said access event comprises access of an e-mail 
account associated with the e-mail address to which said e-mail was delivered. 

251. The system as in claim 248, wherein said access event comprises activation of e-mail 
processing software associated with the e-mail address to which said e-mail was delivered. 

252. A system for verifying whether e-mail sent by a sending party was accessed by an 
intended recipient, said system comprising: 

a) a sender computer connected to a communications network and from which an e-mail is 
transmitted; 

b) a recipient computer connected to said communications network, said recipient 
computer being capable of receiving said transmitted e-mail and fiuther having data storage means 
for storing said received e-mail; 

c) biometric identification means for recognizing biometric attributes of an individual; 

d) software capable of detecting an access event and identifying an individual through 
utilization of inputted biometric attributes of said individual; and 

e) means for sending data that identifies said individual for confirming proper delivery of 
said e-mail. 

253. The system as in claim 252, wherein said access event comprises access of a 
delivered e-mail. 
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254. The system as in claim 252, wherein said access event comprises access of an e-mail 
account associated with the e-mail address to which said e-mail was delivered. 

255. The system as in claim 252, wherein said access event comprises activation of the e-mail 
processing software associated with the e-mail address to which said e-mail was delivered. 

256. -257. Canceled. 

258. A method for verifying whether an e-mail sent by a sending party was accessed by an 
intended recipient, said method comprising: 

a) transmitting an e-mail from a sender computer to an intended recipient, the sender 
computer being coimected to a communications network; 

b) delivering said e-mail to an e-mail address; 

c) detecting an access event, and prompting the party that requested said access to input 
recipient data prior to allowing the requested access, said recipient data including identifying data 
that is associated with the party that requested said access; and 

d) sending recipient data for confirming proper delivery of said e-mail. 

259. The method recited by claim 236 wherein said step of sending recipient data for confirming 
proper delivery of said e-mail includes the steps of: 

a) generating a confirmation of receipt notice wherein the inputted recipient data is included 
with said confirmation of receipt notice; and 

b) sending said confirmation of receipt notice, wherein the inputted recipient data included 
with said confirmation of receipt notice can be compared to information associated with said 
intended recipient in order to verify whether the e-mail was accessed by the intended recipient. 
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260. A method for verifying whether e-mail sent by a sending party was accessed by an 
intended recipient, said method comprising: 

a) transmitting an e-mail from a sender computer to an intended recipient, the sender 
computer being connected to a communications network; 

b) delivering said e-mail to a recipient e-mail address; 

c) detecting an access event; 

d) acquiring recipient data that is related to biometric identification of the recipient; and 

e) sending recipient data for confirming proper delivery of said e-mail. 

261 . The method as recited in claim 260 wherein said recipient data is acquired prior to said 
access event. 

262. The method as recited in claim 260 wherein said recipient data is acquired after said access 
event. 

263. The method as recited in claim 260 wherein said recipient data is sent to an e-mail address. 

264. A method for verifying whether e-mail sent by a sending party was accessed by an 
intended recipient, said method comprising: 

a) transmitting an e-mail from a sender computer to an intended recipient, the sender 
computer being connected to a corrunimications network; 

b) delivering said e-mail to an e-mail address; 

c) identifying a recipient utilizing biometric identification; 

d) detecting an access event; and 

e) sending data that identifies said recipient for confirming proper delivery of said e-mail. 
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265. The method as recited in claim 264 wherein said recipient is identified prior to said access < 

266. The method as recited in claim 264 wherein said recipient is identified after said access 
event. 

267. The method as recited in claim 264 wherein said data that identifies said recipient is sent to 
an e-mail address. 

268. A method for verifying whether e-mail sent by a sending party was accessed by an intended 
recipient, said method comprising: 

a) transmitting an e-mail from a sender computer to an intended recipient, the sender 
computer being connected to a communications network; 

b) delivering said e-mail to an e-mail address; 

c) identifying a recipient in association with biometric identification; 

d) detecting an access event; and 

e) sending data that identifies said recipient for confirming proper delivery of said e-mail. 

269. The method as in claim 268 wherein said recipient is identified prior to said access event. 

270. The method as in claim 268 wherein said recipient is identified after said access event. 

271 . The method as in claim 268 wherein said data that identifies said recipient is sent to an e- 
mail address. 

272. -278. Canceled. 
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279. The system as in claim 252, wherein said data that identifies said individual for confirming 
proper delivery of said e-mail is sent to an e-mail address. 

280. -326. Canceled. 

327. The method as in claim 236, wherein said recipient data for confirming proper delivery of 
said e-mail is sent to an e-mail address. 

328. The method as in claim 236, wherein a remote user computer may be used to gain remote 
access to said recipient e-mail address. 

329. The method as in claim 236 wherein the party that is associated with said access event is 
an individual. 

330. The method as in claim 236 wherein the party that is associated with said access event is a 
business. 

331. The method as in claim 236 wherein the party that is associated with said access event is 
an organization. 

332. The method as in claim 258 wherein said recipient data for confirming proper delivery of 
said e-mail is sent to an e-mail address. 

333. The method as in claim 1 84, wherein said confirmation of receipt notice is sent to an e- 
mail address. 
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334. The method as in claim 258, wherein said inputted recipient data pertains to alphanumeric 
text identification, biometric identification, password identification, a computer generated user 
code, or a combination thereof. 

335. The method as in claim 208, wherein said confirmation of receipt notice is sent to an e- 
mail address. 

336. The method as in claim 260, wherein a remote user computer may be used to gain remote 
access to said recipient e-mail address. 

337. The method as in claim 219, wherein said identity information includes alphanumeric text 
identification. 

338. The method as in claim 237, wherein said confirmation of receipt notice is sent to an e- 
mail address. 

339. The method as in claim 268 , wherein said data that identifies said recipient is related to a 
biometric imprint, alphanimieric text identification, password identification, a computer generated 
user code, or a combination thereof 

340. The method as in claim 268 fiirther comprising the step of recognizing biometric attributes 
of an individual. 

341. -345. Canceled. 
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346. The system as in claim 248, wherein said recipient data for confirming proper deUvery of 
said e-mail is sent to an e-mail address. 

347. The system as in claim 252, wherein said individual is identified prior to said access event. 

348. The system as in claim 252, wherein said individual is identified after said access event. 
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EVIDENCE APPENDIX 

In regard to this Appeal, Appellant does not rely upon any evidence submitted pursuant to 
37 C.F.R. §§ 1.130, 1.131 or 1.132. 

The Patent Examiner has relied upon U.S. Pat. No. 6,629,131 (Choi); U.S. Pat. No. 
6,618,747 (Flynn), and U.S. Pat. No. 5,748,738 (Bisbee), and Appellant has included remarks in the 
foregoing First Amended Appeal Brief directed to such patent references. Accordingly, copies of 
the Choi, Flyrm, and Bisbee patents are attached hereto for the convenience of the Board. 
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1 2 

REGISTRATION MAIL SYSTEM WITH A The present invention also employs another mail control 

SENT E-MAIL CHECK FUNCTION ON system for comparing reception confirmation information 

INTERNET AND METHOD FOR THE SAME from a receiver with database information, recording the 

confirmation information in the database, and sending an 
5 informing signal to the sender. This mail control system 

BACKGROUND OF THE INVENTION organically acts with a web server and is in linkage with the 

1. Field of the Invention database. 

The present invention relates to a mail system and method ^htn the receiver reads the mail in an off-line state, if a 

for solving the problem that a sender cannot check whether application used by the receiver for reading the 

or not a receiver received (read) a mail in an internet lO ^o«s not support a hypertext markup language 

environment (FIG. 2) that is a switching system among mail (HTML), or if a text based emulator is used for reading the 

servers independently operated . ™^ above system cannot be applied, so a registration 

2. Description of Related Art ^y^^^^ ^ developed as an extended type based upon the 

Existing PC communication services (e.g.,. Chollian, '^T tnTl"^^^^ ^T"^ T""^^^ '° 
Hitel, Nowuri, and Unitel in Korea) each provides a sen 15 "^^^1 P^^^^ss the reception confirmation information, the 
"^.""'^^ ^" r^^y^cj cai.u piuviuca d &oui registration mail system stores the text of the mail therein 

mail system. However, the mail exch^ge between users^of ^ foT T^^tZ '^^tr^:^TZ T^^t 

diflferentservicescannotbe achieved. Namely, messages can ^.^^ ^^e registration mail system senl the text ofL m^! 

srr.T^/X ^ ' "^'^ '"^'"'"'"'^ records L reception of the lil in the 

same service (HO. 1). database. 

On the other hand, users can freely exchange their mes- i,^ «.f««^ fUo* u^*u *u r * 
sage by e-mail regardless of services in which they regis- h jLt'nn »nH T ? • ^ ^ ior^gomg general 
tered according to the mail exchange system in the internet .^'"^nd /v^tnftn^ .T^ detailed description are exem- 
enviromnent, Tlierefore, the existing PC communication 25 ^^7.nM-nn^f ^ ? a ^'""^"^^ ^"^^^ 
servicestendtoprovideaninternetmailservicetogetherand ^'^'l^nation of the mvenUon as clamied. 
the communication tends to be used based upon internet rrtff nP^irRTPTinw ni7TUT: ATTAoucn 
mail IDs (e-mail addresses). However, the existing internet ^^^^^ OT^Wr^ ATTACHED 
mail service cannot provide a function allowing a sender to ukawiinu^ 
check whether or not a receiver read the maU sent by the The accompanying drawings, which are included to pro- 
sender. This is because internet mails are exchanged vide a further understanding of the invention and are incor- 
between independent mail servers. In this system, the sender porated in and constitute a part of this specification, illustrate 
cannot check the mail that the sender has sent to the embodiments of the invention and together with the descrip- 
receiver's mail server (FIG. 2). tion serve to explain the principles of the invention. 
SUMMARY OF THE INVENTION 35 1° drawings: 

Accordingly, the present invention is directed to a regis- > ^^"^^ ^'^^^P ^ conventional mail 

tration maU system with a sent e-mail check function on ''^^^'^ '° commumcaUon; 

internet and method for the same that substantially obviates ? ^ ^ block diagram showing a conventional e-mail 

one or more of the limitations and disadvantages of the system in an internet environment; 

related art. 40 FIG. 3 is a block diagram showing an overall structure of 

An objective of the present invention is to provide a a mail system with a sent e-mail check function according to 

registration mail system with a sent e-mail check function, ^® present invention; 

wherein a unique code is given to each mail sent by a sender FIG. 4 is a block diagram showing an overall structure of 

and recorded in a database (DB), a common gate interface an embodiment of a registration mail system with an 
(CGI) executive program through which the unique code 45 extended sent e-mail check function according to the present 

and confirmation information are sent to a source mail invention; and 

system if a receiver reads the mail is attached to the mail FIG. 5 is a block diagram showing an overaU structure of 

itself which is sent to the receiver's mail server, if the another embodiment of a registration mail system with an 

receiver reads the mail, the unique code and confirmation extended sent e-mail check function according to the present 

information that have been sent to the mail center by the CGI invention, 
executive program are compared with database inforaaation 

and recorded in the database, and confirmation of reception DETAILED DESCRIPTION OF PREFERRED 

by the receiver is notified to the sender. EMBODIMENT 

Additional features and advantages of the invention will 

be set forth in the following description, and in part will be Reference will now be made in detail to the preferred 

apparent from the description, or may be learned by practice embodiments of the present invention, examples of which 

of the invention. The objectives and other advantages of the illustrated in the accompanying drawings, 

invention will be realized and attained by the structure as With reference to the accompanying drawings, the present 

illustrated in the written description and claims hereof, as invention will be described in detail, 

well as the appended drawings. piG. 3 is a block diagram showing an overall structure of 

To achieve these and other advantages, and in accordance a mail system with a sent e-mail check function. Once a user 

with the purpose of the present invention as embodied and composes a mail message and send it through this system, 

broadly described, the present invention employs a mail the mail is processed by a mail control system A which 

control system for assigning a unique code to a mail sent by organically acts with a mail server. At this time, a unique 

a sender, recording the code in a database, and attaching a code is assigned to the mail and the related information is 
CGI executive program to the mail. The mail control system 65 recorded in a database. The mail control system A attaches 

organically acts with a mail server and is in linkage with a the unique code and CGI executive program to the mail 

database. before sending it to the mail server of a receiver. If the 
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receiver reads the arrived mail, the CGI executive program 
is carried out so as to send information confirming the read 
of the message by the receiver and the unique code of the 
mail to a mail control system B in a mail center. The 
received mail code is compared with the mail codes previ- 
ously recorded in the database to find the same mail code. 
Reception confirmation information is added to the corre- 
sponding mail record in the database. Thereafter, the mail 
control system B sends a reception confirmation signal to the 
sender. Furthermore, the sender can check the sent mail after 
accessing the web server anytime when necessary (FIG. 3). 

A registration mail system extended from the above 
system is similar to the above system in that a imique code 
is assigned to a mail sent by a sender. However, differently 
from the above system, the text of the mail is separately 
stored and a registration mail reception link and a registra- 
tion mail guide note (indicates registration mail receive 
method for a user checking e-mail with an emulator based 
upon text) are attached to the mail in the mail center before 
sending the mail to the receiver's mail server. Once the 
receiver receives (reads) the mail, the text of the mail stored 
is requested through the registration mail reception link 
attached to the mail. The mail text is then received by the 
receiver through direct connection. At this time, the mail 
control system B compares the unique code of the mail with 
the mail codes in the database and adds reception confir- 
mation information to the record of the corresponding mail 
in the database. Subsequently, the mail control system B 
sends the reception confirmation signal to the sender. 
Furtheraiore, the sender can check the sent mail after 
accessing the web server anytime when necessary (FIG. 4). 

However, if a mail client application used by the receiver 
for checking e-mail does not support HTML, or if the 
receiver checks the e-mail using the text based emulator, the 
above system cannot be applied. In this occasion, once the 
receiver just replies according to the content of the regis- 
tration mail guide note, the mail control system A requests 
the text of the mail stored in the DB and sends it to the 
receiver. TTie mail control system A compares the unique 
code of the mail with the mail codes recorded in the DB and 
adds the reception confinnation information to the record of 
the corresponding mail. Thereafter, the mail control system 
B sends the reception confirmation signal to the sender. 
Furthermore, the sender can check the sent mail after 
accessing the web server anytime when necessary (FIG. 5). 

Consequently, the present invention makes it possible to 
use a sent mail check function on internet, thereby over- 
coming the defect of the internet e-mail that has been the 
main method for mail exchange. 

As illustrated, the present invention embodies an internet 
mail system supporting a sent mail check function. This is 
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mail system with a sent e-mail check function on internet 
and method for the same of the present invention without 
deviating from the spirit or scope of the invention. Thus, it 
is intended that the present invention covers the modifica- 
tions and variations of this invention provided they come 
within the scope of the appended claims and their equiva- 
lents. 
What is claimed is: 

1. An electronic mailing method on the Internet with a 
function of reception confirmation comprising: 

(a) assigning a unique code to an e-mail of a sender and 
recording in a database the information on the unique 
code assigned to the e-mail; 

(b) attaching to the e-mail, to which the unique code was 
assigned in the step of (a), a CGI (common gateway 
interface) executive program that automatically sends 
to the web server of the sender the unique code that was 
assigned in the step (a) when the receiver receives the 
e-mail; 

(c) sending the unique code of the received e-mail to the 
web server of the sender by the automatic execution of 
the CGI executive program when the e-mail, to which 
the unique code was assigned in the step of (a) and to 
which the CGI executive program was attached in the 
step of (b), is received by the receiver; and 

(d) comparing the unique code of e-mail that was sent in 
the step (c) and the unique code that was recorded in the 
step (a) and, if they are identical, sending reception 
confirmation information to the sender. 

2. An electronic mailing method on the Internet with a 
function of receipt confirmation, comprising the steps of: 

(a) assigning a unique code to an e-mail sent by a sender 
and storing the unique code in a database; 

(b) attaching a CGI executive program to the e-mail 
containing the unique code of step (a) in order to 
transmit the unique code which is assigned to the 
e-mail in step (a), to an e-mail system of the sender 
upon a receiver's receipt of the e-mail; 

(c) transmitting the unique code of the e-mail received by 
the receiver to the e-mail mail system of the sender by 
an automatic execution of the CGI executive program 
upon the receiver's receipt of the e-mail which contains 
the unique code and the CGI executive program of step 
(b); and 

(d) delivering receipt confirmation information to the 
sender of the e-mail if the unique code of the e-mail 
transmitted in step (c) is identical to the information 
stored in the database. 

3. An electronic mailing system on the Intemct with a 



sufficiently important to the part of e-mail as means of 50 ^^ction of receipt confirmation, compnsmg: 



communication. For example, when the e-mail is used for 
business, there may be some cases the success of the 
business depends on whether or not the receiver reads within 
a certain time limit. There may be some cases that reception 
itself is refused or that a sender cannot check whether or not 
the receiver reads the mail by phone or other means. The 
sent mail check function is very important to the sender in 
these cases as well as daily mail exchange. In case a receiver 
uses a plurality of e-mail addresses, the present invention 
makes it possible for a sender to find and send e-mail to the 
receiver's e-mail address that is not used frequently. As 
illustrated, the sent mail check function is very useful. As 
internet e-mail becomes more important and necessary as 
means of conmiunication, effect of the sent mail check 
function achieved by the present invention increases. 

It will be apparent to those skilled in the art that various 
modifications and variations can be made in the registration 
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a first mail control system having a mail processor part 
which assigns a unique code to e-mail sent by a sender, 
attaches a CGI executive program for e-mail transmit- 
ting the assigned unique code to the electronic mailing 
system upon a receiver's receipt of the e-mail, and 
transmits the e-mail to the receiver's mail server; 
a database in which the unique code assigned by the mail 

processor part is recorded; and 
a second mail control system having a receipt confirma- 
tion part which receives the unique code of the e-mail 
transmitted by automatic execution of the CGI execu- 
tive program, compares the transmitted unique code 
with the unique code recorded in the database, and 
transmits receipt confirmation information to the 
sender if the two unique codes are identical. 
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(57) ABSTRACT 

The present invention provides a system and a method for a 
user to verify receipt of an electronic communication such as 
an email message by an intended recipient. Instead of 
forwarding the email to the intended recipient(s), (e.g. as a 
normal SMTP server might,) the invention sends a notifi- 
cation message of a posted email to the intended recipient(s). 
The email and attachments are each saved at a unique call 
address on a server such as for example a web server. At 
least one unique address is provided for each of the intended 
recipients that points to the location of the contents of the 
original email. When attachments accompany the email, 
each attachment is also assigned an address that is imique for 
each intended recipient. The intended recipient is notified of 
the call addresses for collecting the email and attachments. 
When the recipient downloads or collects the email and 
attachments from their respective addresses, the invention 
detects information regarding the downloaded email and 
notifies the sender that the email was retrieved. This infor- 
mation may be stored in a back-end database for ease of 
access and management. 
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ELECTRONIC COMMUNICATION recqiient. Email must be sent on unsecured pathways, palh- 

DELIVERY CONFIRMATION AND ways where the email can be mis-directed, lost, and/or 

VERIFICATION SYSTEM altered. It is highly desirable to the sender to be able to verify 

that the intended recipient has received an important email. 
This application claims the benefit of U.S. Provisional 5 It is also desirable to the sender to know that the intended 
Patent y^plication 60/109,934 filed Nov. 25, 1998, entitled information in electronic message was received as written or 
"An Electronic Communication Delivery Verification sent. 

Si Srent^'ty"' ^ SUMMARY OF INVENTION 

10 The instant invention comprises a software application for 
HELD OF THE INVENTION use with a computer that is part of or has access to an 

This invention relates generally to electronic communi- electronic network including at least one other computer at«J 
cations and. more particularly, to a method by which a » netood for of the software apphcation that provides a 
sender of an electronic communication can validate receipt '^"l"'; f f^^^"'<^^°^ ^"ch as an email, a 

r 1 . • • *• L • . J J - 15 receipt tor verification or dehvery of the electronic commu- 

01 an electronic commumcation by an mtended receiver. • / • • * tm. / v^v^K^nvm^ wjiumu 

nication by a recipient. The sender may use a conventional 
BACKGROUND OF INVENTION tmzil program or the instant invention to compose the email. 

The email ("electronic mail") may have graphics and/or 
Electronic communication, such as for example e-mail, is attachments, each of which is termed a data-string herein, 
a form of wntten data, a data-string, that is transported Unhke a conventional email program, each data-string is 
electronically such as on the Intemet. Specific protocols directed to a unique electronic address, such as for example 
governing certam aspects of the way one machine electroni- an IP (Intemet Protocol) address or hostname, on a computer 
cally passes information m the form of data-strings to that is independent of the recipient's computer. Only a 
another machme have been established to facilitate commu- notification that an email or an email plus an attachment is 
nication between different brands of machmes running dif- 25 awaiting retrieval is sent to the recipient and appears at their 
ferent software. Vanous protocols have been developed to computer. The notification provides the recipient with the 
standardize the methods by which data are transported from unique electronic retrieval location(s), such as a unique IP 
one computer to another computer such as on Local Area address for an email message or two unique email addresses 
Networks (LAN), Wide Area Networks (WAN), and the for an email accompanied by an attachment, located on a 
Intemet. This standardization was developed to allow com- 33 mail server to which the recipient can direct their computer 
puters and computer programs from differing commercial using software to retrieve the data-strings). Each recipient 
sources to be as compatible as possible. provided with a unique address to retrieve their email even 

The Intemet Protocol (IP) that directs or routes a data- when the recipient is merely receiving a copy of an email 
string from one computer to another is what is called a best that has been broadcast to a number of recipients. In one 
efforts protocol, a method that involves a series of computer 35 embodiment, a computer having access to the Intemet is 
instmctions that attempts to deliver a data-string to its used as the mail server. In an alternate embodiment, the mail 
intended location, but that does not guarantee its delivery. server is located on a LAN (local area network) such as for 
This means that the data-string can get lost or damaged example for use for infra-office email within a business, 
before reaching the intended recipient. The Transmission Upon retrieval of the data-string, the sender is notified 
Control Protocol (TCP) works in conjunction with IP in an 40 electronically via email and information regarding the 
attempt to ensure that data-string is sent error-free, retrieval transaction is stored in a back-end database, 
complete, and in the proper sequence. However, it does not For example, when the data-string is sent via the Internet, 
insure correct delivery. The Simple Mail Transfer Protocol the user who is the sender composes an email message and 
(SMTP) provides for standardized error messages to be attachesany text or images as required. Once the message is 
issued when a fault occurs in transmission. Standardized 45 composed and sent, the instant invention parses that data- 
status codes (such as described in Kleinsin, el al; Network string while determining the appropriate recipients. Ihe 
Working Group Request for Comments: 1869; STD: 10: parsed data-string is placed on the World Wide Web (also 
Obsoletes: 1651; Category: Standards Traclq November, termed the Web or the Intemet or the Net) by waiting until 
1995) provide information for generating error messages at least one appropriate data-string transfer and retrieval 
that indicate whether or not a computer in the net or network 50 means, such as for example a HyperText Transport Protocol 
of computers used to pass the data-string has been unable to (http) call provides an available address at a port of a 
do so. Such an Error message is exemplified by: computer the instant invention is monitoring. More 

" — The following addresses had delivery problems — addresses will be needed to match data-string to address 
<nosuchuser@dbc.mtview.ca.us> when, for example, a single email data -string is being 

(Mailbox "nosuchuser** does not exist)'* 55 communicated to a number of different recipients. There is 

When delivery occurs a message such as " — Mail was exactly one unique address that will access the data-string 
successfully relayed to the following addresses™" may be for each specific recipient targeted to receive the data-string 
provided. However, no inforaiation is provided by through unless the data-string has more than one component such as 
the use of these protocols via the respective protocol server a plurality of attachments. Concurrent with posting the 
regarding whether the intended recipient has retrieved the 60 sender's data-string on a computer connected to a network 
email and/or the attachments. of computers such as the Web, the instant invention sends 

Business people and others need to verify that an impor- out a notice via email that the recipient has a posted 
tant transaction once sent has been received by the intended data-string or email awaiting retrieval. This message is 
recipient. The main obstacle to widespread commercial use simply a notice of the availability of the electronic commu- 
of electronic communications, such as for example email 65 nication that provides an electronic address such as a Uni- 
and email attachment, is the lack of the ability to verify that form Resource Locator (URL) pointer to where the email is 
the email and/or attachment was received by the intended posted on the Web. One URL points to a single location that 
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is uniquely assigned for each component of the data-string In one embodiment, the instant invention communicates 

for each recipient using the instant invention. Alternatively, (also termed "interfaces") with electronic communications 

the posted email may have a URL that allows it to call for program, such as for example email programs Eudora®, 

its accompanying attachment ie. the email and its accom- First Class Qient®, and Hot Mail®. It can be used for 
panying documents may be electronically interlinked, 5 electronic communication on the Internet or an Intranet, 

When the recipient of the email message links to a within a Local Area Network (LAN) or a W^de Area 

data-string via the URL pointer, the instant invention iden- Network (WAN) environment. The invention provides a 

tifies the recipient by their unique IP address or hostname. plurality of fields for data in. the back-end database. Full 

As the recipient retrieves their posted email message and search, browse, edit, and contact management functions are 
attachments, the instant invention notifies the sender that the lo included in order to provide complete access to the stored 

posted electronic communication has been retrieved by a data. Remote access functions may be configured. Thus, 

person at the IP address corresponding to that of the intended verification, authentication, and ease of data management 

recipient. This notice includes the recipient's unique IP are provided. Advantageously, the flow of electronic com- 

address or hostname and a time, date stamp indicative of munications such as email can be controlled and docu- 
when the posted electronic communication was retrieved. A 15 mented. 
copy of the posted electronic communication may also be 

included in the notice. BRIEF DESCRIPTION OF THE DRAWINGS 

An embodiment of an inventive method for verifying FIG. 1 provides a block diagram of the system and 

receipt of an electronic communication at an intended elec- method by which an electronic communication in the form 

tronic address is provided by the following example com- of data can be routed by a sender to a specific receiver and 

prising the steps of: by which the sender can be notified of the receipt of the 

1. Sending an electronic communication comprising a electronic communication by the specific receiver, 
data-string. FIG. 2 provides a flow chart of the pathway and compo- 

2. Posting that data-string to a unique URL on a computer ^5 ncnts used to transmit and verify an electronic communica- 
connected to the Web for each unique data-string. tion. 

3. Notifying the recipient at a recipient IP address via 

email that they have an electronic communication DETAILED DESCRIPTION OF THE 

awaiting retrieval at a specified unique Web URL PREFERRED EMBODIMENT 

address. 3q Xhe instant invention provides a system and method for 

4. Validating the retrieval of the sender's electronic com- confirmation of receipt of an electronic commtmication by 
munication by a recipient at an intended IP address by an IP address or hostname accessible recipient ("the 
recognizing the recipient's IP address or hostname recipient"). The invention is a software application that 
when they electronically request delivery of their elec- allows the sender of an electronic communication to use the 
tronic communication. 35 electronic communication program of their choice, such as 

5. Notifying the sender when the IP address or hostname for example an email program like Eudora®, to generate a 
match the intended IP address or hostname that the specific data-string or message, send it to a specific 
electronic communication has been retrieved and recipient, and verify that the specific recipient received the 
optionally passing the validating information into a data-string. Optionally, the application may provide a copy 
back-end database. 40 of the retrieved data-string so that the sender can determine 

The invention has four distinct interfaces with users: two if the data-string was received as sent, unaltered. Transmis- 

sender interfaces and two recipient interfaces. The first sion of electronic information involves passing data in the 

sender interface is an outgoing message interface that is ^otm of a data-string from one computer to another through 

implemented to communicate with any SMTP client having use of computer programs that convert user instructions 
an outgoing server that is configurable to a given IP address 45 into instructions that a computer can understand. The data- 

or hostname. This interface is not limited to what is gener- string is then passed through electronic means, such as for 

ally considered client type programs such as for example example by telephone wires or cables, from one computer to 

email programs such as Eudora®. The invention could another computer. These computers form a network of 

interface at the first sender interface with any large server computers that is variously referenced to as a "Net" or 
that delivers email using SMTP where the outgoing delivery so "Web". 

IP address is capable of being configured. The first recipient The invention has four distinct interfaces with users: two 

interface is implemented to accommodate use with any sender interfaces and two recipient interfaces. The first 

system or application that handles delivery of electronic sender interface is an outgoing message interface that is 

messages to a given recipient. This includes all POP clients, implemented to communicate with any SMTP client having 

all Web-based email clients as well as any test-based email 55 an outgoing server that is configurable to a given IP address 

delivery and retrieval systems. The second part of the or hostname. This interface is not limited to what is gener- 

recipient interface is the data-string retrieval interface. This ally considered client type programs such as for example 

interface is implemented lo communicate only via http (with email programs such as Eudora®. The invention could 

any http browser in the embodiments described. However, interface at the first sender interface with any large server 

the recipient interface can be implemented to accommodate 60 that delivers email using SMTP where the outgoing delivery 

any data -string retrieval mechanism. The second sender IP address is capable of being configured. The first recipient 

interface is the incoming interface that notifies the sender interface is implemented to accommodate use with any 

when the data-string is retrieved. In one embodiment, it is system or application that handles delivery of electronic 

implemented as an email delivery notification and works messages to a given recipient. This includes all POP clients, 

with any system that handles delivery of email to a given 65 all Web-based email clients as well as any test-based email 

recipient. This includes all POP clients, all Web based delivery and retrieval systems. The second part of the 

clients, as well as any text-based email retrieval systems. recipient interface is the data-string retrieval interface. This 
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interface is implemented to communicate only via http (with sent via the file handler and the email sender to the IP or 
any http browser in the embodiments described. However, hostname address of the sender ("original sender") and 
the recipient interface can be implemented to accommodate includes information concerning the downloading of the 
any data-string retrieval mechanism. The second sender message data-string by the recipient, such as for example, 
interface is the incoming interface that notifies the sender 5 the time it was first downloaded (time and date stamp), the 
when the data-string is retrieved. In one embodiment, it is address to which it was sent at downloading, and other 
implemented as an email delivery notification and works relevant information. A compressed copy of the message 
with any system that handles delivery of email to a given received by the recipient may also be provided to the sender, 
recipient. This includes all POP clients, all Web based If the original electronic communication comprises an 
clients, as well as any text-based email retrieval systCEns. email and an attachment, then in one embodiment, the 
Referring now to FIG, 1 which illustrates a first embodi- recipient is notified that an electronic communication is 
ment of the instant invention, when an electronic commu- located at http call address 1 (the email) and at http call 
nication sender is distanced from a recipient and the Internet address 2 (the attachment). The recipient retrieves the elec- 
is used to send the electronic communication, a sender tronic communications at each address and notification of 
illustrated by box "Sender" 10 enters information, such as 15 each separate retrieval is provided to the sender as described 
for example an email message and an attachment to that above. Alternatively, the notification message may contain a 
email message, into a computer via the desired electronic link to the address for the email and to the address for the 
communications program that has been loaded on that attachment. Notification of receipt may then be sent as each 
sender's machine. A message data-string is generated. This data-string is retrieved or notification of receipt may be sent 
message data-string is then processed by the instant inven- 20 only once when all associated electronic communications 
tion which has been loaded on the sender's machine as have been retrieved. 

follows. The message data-string is parsed into an html- FIG. 2 provides an embodiment of a method of confinn- 
readable file and electronically sent via a user interface 21 to ing that an electronic communication was received by a 
a file handler 22 where the message data-string is stored at recipient. This embodiment exemplifies electronic commu- 
a unique http call address assigned to each of the intended 25 nication verification when using the Internet to transport the 
recipients. Assignment of the unique http call address(es) is electronic communication. Referring now to FIG. 2, a flow- 
determined by the instant invention which monitors a port chart of the steps used to provide verification to a sender that 
for incoming TCP connections. If the electronic communi- receipt of a electronic communication by a recipient has 
cation was an email that included an attachment, then a occurred is provided. The sender installs the software, the 
unique address is assigned to each of the parsed original 30 inventive computer program for generating electronic mail 
email message and original attachment html-readable files. receipts, on their computer and electronically moves through 
Concurrently upon receiving a file for storage, the file a set-up interface. The sender generates an electronic corn- 
handler also generates a unique data-string for each stored munication such as an email. The sender enters the email 
file that is a notification message that is delivered to each address of the intended recipient or recipients thus providing 
unique recipient. This notification data-string informs each 35 an addressed packet of information or a message data-string 
recipient that one unique message data-string has been which includes the address of the intended recipient that is 
stored for them at the indicated unique http call address. This unique for each intended recipient. The message data-string 
notification data-string is sent via a Web Server 24 to the is converted to html-readable language and passed to a file 
intended unique recipient, represented by box "recipient" handler via a user interface. The message data-string is 

40 stored while the instant invention locates one imoccupied 

The notification data-string may have additional informa- call address, such as for example an http call address, if the 

tion added to it prior to its delivery to the recipient. For message data-string is going to only one recipient, 

example, the electronic communication sender's name and/ Othervsase, the instant invention recognizes that a plurahty 

or email address may be added. Or, an advertisement may be of unique call address are required and establishes one 

added to the notification message data-string. 45 unique call address for storage of each copy of the email sent 

The notification message data-string is then sent to the to the plurality of intended recipients. In the simplest case 

recipient's Post OfBce Protocol (POP) server and is read by where there is one recipient, the message data-string is then 

the recipient at the notified IP address or hostname address posted to this unique unoccupied call address which is on a 

indicated by the notification message when they open their Web server. Concurrently, a notice that the recipient has 

email application. If the recipient wishes to read the posted 50 email from the sender on the Web server at the call address 

electronic communication, the recipient enters the unique at which the message data-string is located is sent to the 

http call address that has been sent in the notification recipient's Post OfiSce Protocol (POP) server, notifying the 

message data-string and retrieves the unique message data- recipient that they have an electronic communication. The 

string j&-om the Web Server 24, if the recipient has entered recipient requests the message data-string located at the 

the correct http call address. Both an email and its associated 55 provided unique call address and it is sent to the recipient, 

attachment(s) can be provided with unique call addresses or who downloads it, opening it. Upon downloading of the 

the email and its attachment(s) can be linked so that the message data-string, the instant invention generates a notice 

entire commimication is available using one call address. In of receipt that is forwarded to the original sender. The notice 

a first embodiment for each stored message data-string of receipt forwarded to the sender at the sender's POP server 

retrieved, be it email or attachment, the Web server sends a 60 includes information concerning the collection of the email 

notification of receipt message that infonms the sender that by the recipient such as for example the address to which the 

the message data-string was retrieved by the recipient at the email was downloaded, the time it was downloaded, and 

address receiving the notification of available email and http optionally, a compressed copy of the original message, 

call address. This notification of receipt message is elec- When the sender enters their POP server, they receive the 

tronically transmitted to the sender at approximately the 65 notification of receipt by the recipient, 
same time that the recipient is sent (retrieves) the stored When attachments accompany an email, each of the 

message data-string. The notification of receipt message is attachments and the email itself is provided with a unique 
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call address. Each is collected separately by the intended 
recipient. The intended recipient niay be notified of each 
separately or the intended recipient may be directed to the 
email call address which then provides the recipient with the 
unique call addresses of each of the attachments. 

Notification of receipt of the email and attachments can be 
achieved in a variety of ways and may vary depending upon 
the number of recipients and the number of attachments sent. 
Notification can be sent as each unique recipient accesses 
each unique call address. Or, notification may be sent to the 
sender when the recipient has collected the email and all of 
its associated attachments. Or, where a plurality of recipients 
have been sent the same email, the sender may be notified 
only after all the recipients have retrieved their copies of the 
email. Preferably, in the notification of receipt, a copy of the 
electronic message as received by the recipient is included. 
This message may then be compared with the message sent 
to verify that the message was not garbled during transmis- 
sion. Other options will be apparent to those skilled in the 
art. 

The instant invention also may be inactivated without 
having to remove the software application off the computer 
hard disc. The instant software application is provided with 
the following switches: Override, Always On, and Switch. 
Override allows the user to substantially tum off the soft- 
ware application thus deactivating notification of receipt. 
"Always On" allows the user to send electronic communi- 
cation which provides notification of receipt whenever the 
electronic communication is accessed. Switch provides a 
subroutine that reads the electronic communication before 
its is sent by the sender to determine if a receipt is being 
requested. 

Modifications and variations can be made to the disclosed 
embodiments without departing from the subject and spirit 
of the invention as defined in the following claims. Such 
modifications and variations, as included within the scope of 
these claims, are meant to be considered part of the inven- 
tion as described. 

What is claimed is: 

1. A method for verifying receipt by an intended recipient 
of an electronic communication generated by a sender 
comprising the following steps: 

a) sending an electronic communication comprising a 
data-string having an electronic address for the 
intended recipient; 

b) posting said data-string having said electronic address 
to a unique call address; 

c) providing the intended recipient with said unique call 
address at said electronic address; 

d) receiving at said call address a request, having said 
electronic address for the intended recipient therewith, 
to access said data string; 

e) comparing said electronic address in said request with 
said electronic address provided in said data-string and 
proceeding with accessing said data string when said 55 
electronic address in said request matches said elec- 
tronic address in said data-string; 

f) sending an electronic notification consisting of data, 
said data comprising said call address and said elec- 
tronic address of the intended recipient to the sender 
when said electronic communication is accessed by the 
intended recipient 

2. The method as in claim 1, further comprising the step 
of posting said data in a back end database. 

3. A method for verifying receipt by an intended recipient 65 
of an electronic communication generated by a sender 
comprising the following steps: 



8 



30 



35 



45 



50 



60 



a) sending an electronic communication comprising a 
data-string having an electronic address for the 
intended recipient; 

b) sending an attachment to said electronic communica- 
tion to an additional electronic address for the intended 
recipient; 

c) posting said data-string having said electronic address 
to a unique call address; 

d) posting said attachment having said additional elec- 
tronic address to an additional utnique call address; 

e) providing the intended recipient with said unique call 
address at said electronic address; 

f) receiving at said call address a request, having said 
electronic address for the intended recipient therewith, 
to access said data-string; 

g) comparing said electronic address in said request with 
said electronic address provided in said data-string and 
proceeding with accessing said data string when said 
electronic address in said request matches said elec- 
tronic address in said data-string; and 

h) sending an electronic notification consisting of data, 
said data comprising said call address and said elec- 
tronic address of the intended recipient to the sender 
when said electronic communication is accessed by the 
intended recipient. 

4. The method as in claim 3, further comprising the step 
of posting said data in a back end database. 

5. A device for verifying receipt by an intended recipient 
of an electronic communication generated by a sender 
comprising the following steps: 

a) means for sending an electronic communication com- 
prising a data-string having an electronic address for 
the intended recipient; 

b) means for posting said data-string having said elec- 
tronic address to a unique call address; 

c) means for providing the intended recipient with said 
unique call address at said electronic address; 

d) means for receiving at said call address a request, 
having said electronic address for the intended recipient 
therewith, to access said data string; 

e) means for comparing said electronic address in said 
request with said electronic address provided in said 
datastring and proceeding with accessing said data 
string when said electronic address in said request 
matches said electronic address in said datastring; and 

f) means for sending an electronic notification consisting 
of data, said data comprising said call address and said 
electronic address of the intended recipient to the 
sender when said electronic communication is accessed 
by the intended recipient. 

6. A device for verifying receipt by an intended recipient 
of an electronic communication generated by a sender 
comprising the following steps: 

a) means for sending an electronic commimication com- 
prising a data-string having an electronic address for 
the intended recipient; 

b) means for sending an attachment to said electronic 
communication to an additional electronic address for 
the intended recipient; 

c) means for posting said data-string having said elec- 
tronic address to a unique call address; 

d) means for posting said attachment having said addi- 
tional electronic address to an additional unique call 
address; 
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e) means for providing the intended recipient >vith said 
unique call address at said electronic address; 

£) means for receiving at said call address a request, 
having said electronic address for the intended recipient 
therewith, to access said data-string; 

g) means for comparing said electronic address in said 
request with said electronic address provided in said 
datastring and proceeding with accessing said data 
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string when said electronic address in said request 
matches said electronic address in said datastring; and 
h) means for sending an electronic notification consisting 
of data, said data comprising said call address and said 
electronic address of the intended recipient to the 
sender when said electronic communication is accessed 
by the intended recipient. 
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signing and/or encryption for the electronic transmission, 
storage, and retrieval of authenticated documents and that 
enable the establishment of the identity of the originator of 
an electronic document and of the integrity of the infonsa- 
tion contained in such a document Together these provide 
irrevocable proof of authenticity of the document The 
methods and apparatus make it possible to provide '"paper- 
less** commercial transactions, such as real-estate transac- 
tions and the financial transactions secured by real estate. A 
Certification Authority provides tools for initializing and 
managing the cryptographic material required to sign and 
seal electronic documents. An Authentication Center pro- 
vides 'third party** verificadoo that a document is executed 
and transmitted by the document's originator. The methods 
and apparatus eliminate tite need for "hard copies** of 
original documents as well as hard-copy storage. Retrieval 
of an authenticated document from the Authentication Cen- 
ter may be done by any number of authorized parties at any 
time by on-line capability. 
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FIG. 3 
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FIG. 6b 
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SYSTEM AND METHOD FOR ELECTRONIC Amencan. voL 247, no. 8, pp. 96-101 (Aug. 1992); C. R. 

TRANSMISSION, STORAGE AND Menill. **Cryptography far Commerce - Beyond Clipper". 

RETRIEVAL OF AUTHENTICATED The Data Law Report, vol. 2, do. 2. pp. 1,4-11 (Sep. 1994). 

DOCUMENTS Since DBS. no governmeDtai organization or other 

5 standards-setting body has been willing or able to set 

This application is a continuation-in-part of U.S. patent standards (i.e., as to cryptographic strength, process, etc.) 

application Ser. No. 08/373,944 filed Jan. 17, 1995, now acceptable for general commercial use. The techniques 

U.S. Fat No. S.615 J268 by Stq)hen E Bisbee. described in this application are synergistic and of sufficient 

assurance to be on par with the security needed to support a 

BACKGROUND jq typical business transaction. 

Applicant's invention relates to systems and methods for Applicant's document authentication system (DAS) pro- 
providing a verifiable chain of evidence and security for the vides the needed security and protection of electronic 
transfa and retrieval of documents in digital formats. transmissions, such as electronic documents. Most impc^- 

P^ser documents are the traditional evidence of the com- tant to conmiercial and financial institutions. Applicant's 

munications and agreements between parties in conamercial DAS assumes the risk and responsibility of a document's 

and other transactions. Financial and real-estate transactions authenticity. Applicant's DAS utilizes an asynmietric 

are protected by paper-based controls. Signatures and safety cryptosystem, known as a public-key system, to help ensure 

paper (such as pre-printed checks) facilitate detection of the party originating a document is electronically iden- 

unauthorized alterations of the information of commcrdal tifiable as such when a DAS digital signature is applied, 

transactions. In^rtant documents may also be provided ^ Various aspects of public-key cryptographic (PKC) sys- 

with 'third man" controls, by the witnessing of signatures terns are described in the literature, including R. L. Rivest ct 

and by the seal and acknowledgement of a Notary Public. al., "A Method for Obtaining Digital Signatures and Public- 

The methods of commerce, however, have changed dra- Key Cryptosystems," Communications of the ACM VoL 21, 

matically and continue to evolve. This is most evident in the pp. 120- 126 (Feb. 197 8); M. E. Hellman, *The Mathematics 

rei^acement of paper-based communications with electronic of Public-Key Gyptography", Scientific American, vol. 234. 

communications. The "due care" controls used with paper- no. 8, pp. 146-152, 154-157 (Aug. 1979); and W. DiflSe, 

based communications do not exist in routine electronic '*rhc I^st Ten Years of PuWic-Key Cryptography". Pro- 

transactions. Standard electronic conuminication over open ceedings of the IEEE. vol. 76, pp- 560-577 (May 1988). 

systems does not have the same ability to provide Popular PKC systems make use of the fact that finding large 

authentication, privacy, and integrity of the comnmnicatcd prime numbers is computationally easy but factoring the 

information. By "authentication'' is meant verification of the products of two large prime numbers is coiiq>utationally 

identity of the signatory of a document; by **privacy'* is difficult A PKC system is an asymmetric encryption syston, 

meant protection of the infonnation in a document firom meaning that It employs two keys, one for enoyption and 

unauthorized disclosure; and by "integrity** is meant the one fOT decryption. Asymmetric systems adhere to the 

ability to detect any alteration of the contents of a document l^dplc tiiat knowledge of one key (the pubUc key) does 

When communicatioo is by electronically rej^oduced P™^^ derivation of the second key (the private key), 

messages such as e-maU, facsimile machine, imaging, elec- Th^^. PKC permits the user's public key to be posted (e.g., 

tronic data interchange or electronic fund transfer, there no '^^ directory or on a bulletin board), wi&out comproniising 

longer exists a signature or seal to authenticate the identity ^ P^vate key. This public key concept simplifies the 

of the transferor. The traditional IcgaUy accepted m«hods of *iistribution process. Example PKC algorithms are the 

verifying the identity of a document's criginator, such as signature algorithm and secure hash algorithm (DSA/ 

physical presence or ^jpearance, an ink signature, personal SHA) and RSA/MDS. 

witness or Notary Public acknowledgement, are not pos- Besides the PKC method, another encryption method is 
sible. 4j the symmetric algcdthm. An exaniple of this is the Data 

The continued evolution of computer and tdccommuni- Encryption Standard (DES), which is described in Data 
cations technology has regretfully been accompanied by die Encryption Standard. Federal Information Processing Stan- 
invention of more sophisticated ways to intercept and alter PubHcation 46 (1977) ("FIPS PUB 46", republished as 
information electronically transmitted, including the wide- ^1 (1988) and DES Modes of Operation. FIPS 
spread phenomenon of remote intrusion of conq>uter sys- 50 (1^0> ^ available from the U.S. Department 
tems througji telecommunication links. of Commaoe. In general, a symnketric cryptogr^hic system 

Some approaches to providing secure electronic com- ''^ tJ^^ ctf inactions, inq>lemented in either hardware, 

mcrce technology by applying cryptography give tiie usa a f oftwarc or both that can convert plamtext (the unencrypted 

verification meSmis^cr the au Aentidty or privacy of the "^CHmation) to aphertext, or yi^ versa, in a variety of 

transmission that is controUed by the user and does not 55 T'y'^ using a specific key that is known to die users but is 

include the element of non-repudiation. In some cases tiie ^"f ^ ^™ 

use of encryption for privacy could aid in the detection of either a symmetric or PKC system, the security of a 

document alterations^ advancing die goal of integrity. This is message is dependent to a great extent on the length of the 

not generally the case, however, and additional mechanisms key* as described hi C E. Shannon, "Communication Theory 

may be require for providing integrity. At present no 60 of Secrecy Systems", Befl5yj. TecA. /, voL 28, pp. 656-715 

distributed electronic document authentication system exists (Oct 1949). 

that can provide au&entication, as with written or printed cirMMARY 

instruments, in a manner that cannot be repudiated. No NUMMARY 

commercial system provides electronic document verifica- These and other objects and advantages are provided by 

tion based on a digital signature that cannot be repudiated, 65 the DAS which comprises the means to identify the origi- 

although some atten^)ts have been described. See, e.g., D. nator of the electronic document, to provide irrevocable 

Chaum,, "Achieving Electronic Privacy", Scientific proof of the integrity of an electrom'c document and tiie 
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means to prevent the odginator of the document from FIG. 5 is a block diagram of DAS control functions; 

denying the document's originator, Le., non-repudiation. piGS. 6a, 66 are diagrams iUustrating appKcation of the 

In one aspect of Af^licant^s invention, a method of DAS in the moc^age finance lodustiy with a tide company/ 

authenticating an electronic document comprises the steps closing agent for a loan as a Transfer Agent; 

of: signing the electronic document with a digital signature 5 ^ fliustrates the document ccrtificatioD process more 

of a Transfer Agent; appending a certificate to the electronic generally* 

document by theT^sfa .^em; and vaUdatin^^ PIO g'^iusfates generation of a digiial signature; 

Signature and certificate of the Transfer Agent The ccrtifi- „^ ^ 5 *& . 

cate may include infomation representing the Transfer ^ illustrates digitally signing a document and vali- 

Agent's identity, putdic cryptographic key. and predcter- 10 <Jation of the digital signature; 

mined attributes. FIG. 10 illustrates die format of a certificate employed by 

The signing step may comprise the steps of applying a a "scr or the Certification Authority; 

hash function to the electronic document to determine a illustrates validation of certificates; and 

message digest and using the message digest with a secret FIG. 12 illustrates generation of certificates, 

cryptographic key of the Transfer Agent to determine digital nF<;rRn^nM 

signatare. The step of vaUdating the digital signature then L>iiiAUJiU utiUOPriON 

conq>rises the steps of decrypting the message digest with Applicant's invention can be implemented utilizing com- 

the Transfer Agent's public cryptographic key, applying the mercially available computer systems and technology to 

hash function to the electronic doounent to determine a create an integrated dosed system for authentication of 

second message digest, and comparing the decrypted noes- ^ electronic documents. 

sage digest to die second message digest Referring to FIG. 1, which is a block diagram of the 
The method nmy further course the stq) of applying a liability allocation for authentication in Applicant's DAS, 
date stamp and a time stamp to the electronic document. The the DAS uses a CertificatioD Authority framework by which 
date and time staiq)s may be applied cither before or after ^ public/private keys, that arc utilized to encrypt/decrypt and/ 
validation of die digital signature and electronic document or digitally sign a document, are delivered to a document's 
using the certificate. Also, die method may further con^se originator by an established, auditable means. Certificates 
die step of signing the electronic document with a second and certification fii'amewoifcs are described in the above- 
digital signamre. cited publication by C. R. Merrill and in ITU-T Recommen- 
In another aspect of die invention, an apparatus for 30 ^^^^ X.509 (1993)fISO/IEC 9594-8: 1995 Information 
audienticating an electronic document comqirises means for Technology - Open Systems Interconnection - The Direc- 
signing the electronic document with a digital signatare of a tory: Authentication Framework (including all 
Transfer Agent; means for appending a certificate to the amendments), which is expressly incoipomted here by rcf- 
electronic document; and means for validating the digital ercnce. The Infrastructure and certificate definitions used in 
signature and certificate. The certificate may include infor- 35 application are based on these documents, 
roation representing the Transfer Agent's identity, public As described below, die public/private key is advanta- 
cryptographic key, and predetermined attributes. geously delivered in the form of a Token such as an 
The signing means may conymse means for applying a electronic circuit card conforming to the standards of the PC 
hash function to the electronic document to determine a Memory Card Interface Association (a PCMCIA card or PC 
message digest and means for using the messiage digest with 40 Card) for use in the originator's computer. In general a 
die TVansfer Agent's secret cryptogr^hic key to determine Token is a portable transfer device tfiat is used for trans- 
die digital signature. The validating means may dien com- porting keys, or parts of keys. It will be understood diat PC 
prise means for decrypting die message digest widi a public Cards are just one form of delivery medianism for public/ 
cryptographic key of the TVansfo* Agent, means for applying private keys for Applicant's DAS; other kinds of Tokens 
die hash function to the electronic document to detenninc a 45 also be used, such as floppy diskettes and Smart Cards, 
second message digest, and means for conq)aring the To ensure reliable delivery a service such as the bonded 
decrypted message digest to the second message digest courier services commonly used to feny securities between 
« ^ £.^t, * £ % ' parties could be used to deUvcr the media to the document 
The apparatus may further con^se means for ^plying -oinat «^ « ui^ ».v «u^uiiitui 

a date stamp and a time stamp to die electronic document onginator. 

The date and time stamps may be appUed cidicx before cr 50 Advantageously, many commercially available Tokens 

after die digital signature and electronic document have been embody onboard cryptography generate the public^ 

validated using die certificate. Also, the apparatus may private key pairs on die cards, and die private keys never 

further comprise means for signing die electronic document ^ ^^e the cards unencrypted. The pubUc keys are exported to 

widi a second digital signature. Certification Authaity for inclusion, widi die identity of 

55 the intended recipient and appropriate user attributes among 

BRIEF DESCRIPTION OF THE DRAWINGS otiier tilings, into a ^'certificate''. Principal components of die 

T^evan^featu^sandadvantag^ ?i^SA!Sr^*fr:iwt..X'afflS8 ol^^ 

tion wiu become apparent by reading this descnption m -j j * * *v 1.1 • 1 * j 

con'imction with the drawin ' whiSi- identity and attnbutes to the public key in the certificate, and 

Jl^ ^, , ^ ^ , / , 60 the reliable ddivery of die Token to die authorized recipient 

no 1 IS a block ±Bmm of the Uabihty allocanon for ^ ^^^^ ^ Applicant's invention, die 

audientication m die DAS; pubUc/privatc key is only effective when it is used in 

FIG. 2 summarizes die functions of die DAS relating to conjunction with a certificate and personal identification 

document transmission aufliorization and protection; information such as die recipient's biomctric infcnnation 

FIG. 3 is a siaqdc diagram of the DAS ardiitecture; 55 (eg., retina-, finger-, and voice^)rints) or a personal identi- 

FIG. 4 is a block diagram of die functional interrelation- fication number (FIN) that is assigned to the ret^itnt of die 

shq} between a IVansf er Agent and an Authentication Center; card by the Certification Authority and diat may be delivered 



5,748,738 

5 6 

separate from the originat€i*$ card. Any subsequent trans- signatories subsequent to its original execution or sealing, 

mitter of fee document who is required to digitally sign or The Authentication Center's integrity block for a document 

enciypt the document would sinoilarly be provided with a received from a TVansfer Agent is generated using any of 

respective card and personal identUication information. several known digital hashing algorithms. This integrity 

In no. 1, a document's originator and any subsequent 5 block ensures that the document cannot be altered wifeout 

transmitter are caUed a Transfer Agent and it wiU be detectiM.m addition, use of the digital signing algorithm by 

appn^datedthataTVansfcrAgentisidentifiedtotheDASby Authentication Center can advantageously provide for 

rpossessionanduseofav^dcertificateandavalidPIN !v^"lT^™„^"^^ ongmator from dis- 

In i^uing the key and PIN to the Transfer Agent, the DAS ^ do«iment Applicant s combma^on of Ac 

UA«5 **jf ouu irii IV/ uic ^^'^^ /^cui, ujci^rto integrity block, date and time stamp, and audit provide 

advantageously records one or more attributes of the Trans- 10 „^J: \. * u*/, ouu auuii piwviuc 

£ A ^ . ' ^ ..t. . J «r^T ^ . notice and evidence of any attempt at alteration or 

fcr Agent m assocurtion wi& the tey andMN. For ewmpU^ s^bstilation, even by a docLnfsTiginator when the 

tte IVansfa Agent may be auAomed to conduct only ^^^^^ is'atteapui after origination, 

certain types of transactions and/<H' transactions having less . . . 

than a predetermined value. . ^ accordance with Apphcant's invention, each transac 

T , ^ * ^ ^. . 15 find its documents are authenticated by transmission to 

, "il^'i^**^ ^^^''''•^^.^^t^ a di^tally the Authentication Center from the TYansfir Agent's termi- 

signed certificate ensures the yerifiability of the identity of ^ dcsaibed bdow. the Transfer Agent provides the 

caditeansmtterof adi^^^ document in digital form, such as the output of a conven- 

TTie CcrUfication Authonty also retains the ability to revoke ^^rd processor, to the TVansfer Agent's Token. As an 

apubhc/pnvatekey,orto reissucapubU^^^^^ option, a device for digitizing a hand-written signamre may 

a remote location elcctromcaUy. The Certification Aut^^^^ ^^^^^^^^^^^^^^^^ ^^^^^^^^ 

am also support j^vilcgc management m accordance widi the digital document The digital document is digitally 

me poUcy set for the system. For example, the Certification ^^^^^ encrypted by the DASTokcn, and the digitally 

Authority can set financial or other hmits on the authonty , ^^^^^ ^ communicated to the 

granted to the TVansfer Agent by conveymg those authc^- Authentication Center electronicaUy (eg., by modem or 

zaUons or restncUons as certificate attributes. These ^ computer network). Other ways of communicating tiie digi- 

attnbutes can be r<^^cd from die certificate and enforced enoypted documents might be used (for 

by other elements m fte system. example, dispatching a diskette containing the document), 

In an important aspect of Applicant's invention, tiie DAS but the great advantage of electronic communication is 

is a system for authenticating a document by applying digital ^ speed. 

signature encryption technology. As used here, "aufeentica- The Authentication Center verifies die identity of the 

tion" is the cOToboration and verification of die identity of Transfer Agent and tiic authenticity of tiie documents, and 

the party which executed, scaled, or transmitted the original appends a digital signature and a date and time stamp to the 

document and verification that the encrypted document document hereby establishing each transaction in a manner 
received is tiie document sent by that party. Tlie DAS uses 3^ which can not be repudiated. The combination of these 

an Authentication Center to provide an audit or evidence functions, in conjunction wiUi a protected audit trail can be 

trail, for ^Ucations that require this capaWHty, from the used at a future date to prove conclusively that a party 

original execution of the executed or encrypted or scaled initiated a transaction. In particular, AppHcant's invention 

document through all subsequent transmissions. provides for authentication of a document in a way tiiat 
The Certification Authority would use a physically secure 4^ prohibits an originator from denying that the document 

facility that is a **trusted center^ having twenty-four-hour originated with that originator, and provides irrevocable 

security, an alarm system, and **vaulted" oonstiuction. In proof of authenticity. 

view of its inqxatance, a facility would advantageously The authenticated, digitally signed and/or encrypted 

include two-person controls, with no single person having documents are stored by the third-party Authentication Cen- 
access to key generating or key management systems. All 45 ter in any convenient form, such as on optical and/or 

personnel connected with the operations of cryptogr£5)hic magnetic disks. Once a transaction is competed and the 

key management and transmission of electronic documents digitally signed and/or encrypted document or documents 

would have their trustworthiness evaluated in the surest are transmitted and authenticated by the Authentication 

ways possible, e.g., personal intemews, background checks. Center, any authorized party can access the Autiientication 
polygraphs, etc. Moreover, the Certification Authority man- 50 Center through an electronic device such as a modem to 

agement would implement procedures that prevent singjc- obtain or further transinit an authenticated document All 

point failures, requiring collaboration for compromise to transmissions <rf electronic documents from die originator 

take place. In this way, one individual would be prevented arc made to the Autiientication Center, which provides 

from obtaining complete access to key generation and to key authentication as described above and stores the au&enti- 

management. cated documents for transmission to and on behalf of 

Another aspect of Applicant's DAS authentication ttiat is authorized parties whose identities and policies are similarly 

in contrast to prior systems is the utilization of an integrity authenticated by the Authentication Center. Authorization 

block and a date and time ^^stan^)** on each transmitted for access may l>e restricted to the level of a single document 

document Suitable time and date stamps are those provided or group of documents. 

by systems described in U.S. Fat No. 5,136,646 and U.S. 60 In accordance witii >^plicant's invention, the DAS veri- 
Pat No. 5,136,647 to Stuart A. Haber and W. S. Stometta. fies and ensures that documents that have been transmitted, 
Jr., both of which are expressly incoiporated here by stored, or retrieved have not been accidentally or intention- 
reference, and commercially avaUable from Surety ally modified. The DAS can verify at any stage and at any 
Technologies, Inc. The integrity block, Le., die digital time that a document is exactly, to the last bit die document 
signature, and the date and time stamp, which are lulled by 65 whidi was executed and transmitted by the originator and 
the Authentication Center, eliminate the possibility of unau- that the document has not been altered or impaired io any 
thorized alteration or tampering with a document by the manner. This element of integrity combined with a digital 
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signature and a date aod time stanq> enable the DAS to and attribute information may be stored in the certificates or 

ensure that a document is not a fabrication, forgery. Token memoty in protected cr sealed form as described 

inq)ersonatioa, or cmauthorized replacement of a doctiment above. The DAS uses this infcrmation in conjunction with 

OTiginally executed or sealed by tiie document's originator. the PIN to set privilege, access, volume and fund amount 

Since originators of documents to be signed and/or ^ limits, 

encrypted, such as loan and mortgage documents, commer- The DAS p'ovides a distributed validation c^ability 

dal paper and other securities, property deeds and leases, using a "signature** that cannot be repudiated. The strategy 

etc.. should be able to execute their transactions from a uses PKC to reduce the key management overhead and to 

variety of locations, the DAS moves the heart of the cryp- provide a digital signature that cannot be repudiated for all 

tographic process to a Token entrusted to a respective 1° documents and transactions. Encryption is used to provide 

authorized Transfer Agent This permits individual utiliza- confidentiality protection of the PIN and other transaction 

tion of any DAS enabled conaputer in any location that is details as described above. These control functions of the 

networked or connected with the Authentication Center. As DAS are sununarized in FIG. 5. 

described above, the cryptogr^hic cards and certificates are AdditionaUy, the DAS is compatible with tfie fiiU range of 
issued and monitored by the Certification Authority. Certifi- 13 modem distributed, and dicnt/scrvcr transactional based 
cates arc further controUed throu^ the inclusion of an appUcations. It operates efiFectivcly in LAN, WAN, and 
"expiration period" field, which enables the periodic dial-up networks. The DAS preferably utilizes modem data- 
replacement if desired of the TYansfcr Agent certificates. It base tools, and thus the server can advantageously utilize 
will be appreciated that certificates in accordance with relationaltechnology with a SQL interface (e.g., SYBASE). 
X.509 include apluraUty of such fields, but only thosefields ^ ^ ^^^^^ ^ ^ ^ ^ ^ ^^^^ 
^por^t to understandmg the operation of the invention are document or other TYansfer Agent iVimplement the DAS 
nere. ^ typical 486 desktop or laptop computer having the 

FIG. 2 summarizes the functions of the DAS relating to DAS encryption subsystem (Token) installed and optionaUy 

document transmission authorization and protection. In the an electronic digital signature pad for hand-signed "execu- 

leflcolunm are the fimctions a Transfer Agent's Token; in ^ Uon" of the document It is not required for the function of 

the center column are other fimctions carried out by the the DAS to have a hand-signed instrument since a digital 

Transfer Agent's transmission device; and in the rigjit col- signature on the document is sufficient However, at this 

umn are functions of the DAS. FIG. 3 is a diagram illus- time, a typicalparty in loan or other commercial transactions 

trating interconnections among three Transfer Agent termi- requires the comfort of receiving laser-printed copies of 

nals and a server subsystem and backup subsystem in the ^ documents which have been executed by hand. Other com- 

Autheatication Center in the DAS architecture. FIG. 4 is a ponents and software typicaUy provided in the Transfer 

block diagram of foe functional interrelationship between a Agent terminal are a communication subsystem for handling 

TVansfcr Agent and the Authentication Center. transmission of encrypted or digitally signed documents to 

The cryptographic card includes components, such as a the Authentication Center by a modem telephone line or 

microprocessorandelectrooicmemorydeWces, for carrying other suitable communication link, a Token interface, a 

out the steps of a PKC algorithm as well as a symmetric message handler, input/ouQnit interface* and multimessage 

encryption algorithm such as DES. Also, &e card should be input q>plication. 

tan^-proof » which can be assured by designing it to delete . The Authentication Center is advantageously organized as 

critical keys and/or algorithms upon any attempted penetra- ^ a server subsystem, a crypto backup subsystem, and storage, 

don or alteration. The National Institute of Standards and As part of the server subsystem, which may be in^cmented 

Technology has been diaitered to certify &e authentication with a 456 computer running under a UNIX-type operating 

implementation of the cryptographic card suppliers that may system, a terminal communication subsystem includes a 

be used by the DAS. multiport controller (see also FIG. 3) that handles commu- 

ID accordance with Applicam*s invention, each transac- 45 nications with the IVansfer Agent terminals. Also provided 
tion and its documents are authenticated using a public key in the server subsystem are a cryptographic key management 
contained in the Transfer Agent's certificate. Privacy, subsystem, a backi^ subsystem, a relational database man- 
signature, and/or integrity devices and software are com- agement system, i]4)ut^ou^t (I/O), system administration, 
mcrdally available from a number of sources, including and audit subsystem. A Token Card and backup communi- 
RSA Data Security, Inc.; Public Key Partners; Surety cation subsystem interfaces with the backup subsystem 
Technologies, Inc.; Ascom Tech AG, Switzerland; National mentioned above that may be implemented as a 486 oom- 
Semiconductor, Nocthem Telecom Ltd.; and Spyrus. putcr ruiuung under a DOS-type operating system. A storage 

The Authentication Center makes use of its own secret communication subsystem interfaces with the document 

key to sign again the transaction in a manner that cannot be storage device or devices mentioned above. 
rq)udiated. The combination of the Transfer Agenfs and 55 The DAS also would permit a "Notary Public** type of 

Authentication Center's signatures (in conjunction with &e secondary support function. This would permit a third party 

physically protected audit trail) can be used at a future date present at the document's execution to also have a crypto- 

to prove conclusively that an agent, employee, or firm (the grq)hic card which would "seal** the transaction for further 

Transfer Agent) initiated a specific transaction. In addition, verification that the parlies executing or sealing the docu- 
a Notary Public support function is available for implemen- go nient to be signed were in fact the prc^ parties. This 

tation as described below. additional notary function is not required, but would assist 

En^loyee or agent sign-on at the TVansfer Agent* s tcr- ^ the further authentication of the identities of the parties, 

minal is protected by the personal identification information FIOS. 60, 66 are diagrams illustrating a typical appUca- 

and the cryptographic features of the ayptographic card tion of the DAS in the mortgage finance industry with a title 
held by that TVansfer Agent The combination of these 65 company/dosing agent for tiie loan as a Transfer Agent In 

controls uniquely identifies the agent or enq)loyee, diereby st^ 1, the Certification Au&ority completes code generation 

enabling DAS. In addition, agent or en^loyee authorization and issues Tokens to authorized parties for transferring 
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documeDts and establishiBg legal evidence trails. The tication Center (step 4). If authenticated the electronic 
paities. who would generally not be individuals but com- document is time- and date-stamped (step 5), digitally 
mcrdal and financial institutions such as a BANK/Mortgage signed (step 6), joumaled (step 7), and stored by the Authen- 
Co. and a Tide CoVaosing Agent, would be equ^ped to tication C:cnter. Certified copies of the electronic document 
transmit and receive documents clectronicaUy. In stq) 2, a 5 may then be distributed according to instrucUons from an 
Bank/Mortgage Co loads and electronically tonsmits loan appropriate party, such as the holder of a beneficial interest 
documents to the AutihcnUcation Center, which forwards (owner) designated by the document 
them to a Utte CoJQosing Agent after adding integrity * ^7 ^. o * - . * *u , ^ . ^ 
blocks and date and dme^Sn^ la step 3, the >Uithentica- Authentication Center m^ntains the electromc docu- 
tion Center transmits Ae authenticated loan documents to ^ ^^S^ ^^^^ ^ transactions, such as 
the Title CoVQosing Agent. requests for copies, etc., related to it. It will be appreciated 
In step 4, the ride CoyOosing Agent has the documents ^ *^ is useful for many management functions that 
executed by digitized autograph signature by a Homebuyer/ contribute to tiic usefutoess of the system. For example, (he 
Homeowner. In step 5, the Title CoyQosing Agent provides facilitates identifying subsequent electronic submissions 
Homeowner/Homcbuyer with "hard copies" of the signed related to a transaction and contributes to liability limitation 
documents. Id step 6, the Title CoVQosing Agent transmits *c Authentication Center. Also, the log is useful as 
the documents to the Authentication Center, v^ch adds the evidence of the document's chain of custody, 
integrity blocks and dates and time stanq>s the executed The Authentication Center also controls access to the 
documents, forwards the documents to the Banlc/Martgage document in 'accordance with authorization instmcdons pro- 
Co., and stores the documents. Whenever the Bank/ vided by the owner of the document Such authaization 
Mortgage Co. needs copies of die authentic documents, they ^ instructions would be updated or revised in conformance 
can be retrieved on-line from Authentication Center storage. with changes (e.g., assignments) in the document's owner- 

In stq) 7, the Bank/Mortgagc Co. directs that the authentic ship, 

documents be transferred by the Authentication Center to a FIG. 8 illustrates the process of digitally signing an 

secondary-nwket Mortgage Bank^vestor. In step 8, when- electronic document, depicted more generally as an *^or- 

ever the Investor needs authentic documents, (hey can be mation object*', by application of a hash function. In general, 

retrieved on-line from the Authentication Center. a hash function is a truly one-way cxyptogrq>hic function 

FIG. 7 further illustrates an example of Applicant's docu- is computed over the length of the information object to 

ment certification process. In the first step, an electronic be protected. The hash fianction produces a '*message digest" 

document is designed, or drafted, that reflects the agreement * different information objects 

of parties, such as a manufacturing <^eration depicted by the produce the same message digest Since a different message 

factory in FIG. 7. The electromc document is provided to a digest is produced if even one bit of the information object 

Transfer Agent's terminal, which is illustrated as a portable is changed, the hash function is a strong int^ty check, 

oon^uter having an authorized Token and, optionally, a In accordance with the invention, the message digest is 

stylus pad for capturing hand-written signatures. A typical encrypted using the signatory's secret key. thereby produc- 

oonfiguration for a Transfer Agent's terminal is at least the ing the signatory's digital signature. The combination of 

computational equivalent of a 386 desktop cr laptop hashing and encryption in this way insures the system's 

computer, -with high resolution gr^hics, a Token reader, and integrity (i.e., the ability to detect modification) and attri- 

a stylus pad for capturing hand-written signatures. As shown bution c^ability (i.e., ability to identify a signatory, or 
in FIG. 7, the electronic document, which may be created ^ responsible party). The digital signature (the encrypted 

locally or remotely, is displayed on this terminal. message digest) is appended to the readable infonnation 

In the second step, the parties to the agreement execute object (see steps 2 and 6 depicted in HG. 7). 

their hand- written signatures on the document using the Of the many diffo'ent hash functions that are known, it is 

stylus pad. These signatures are cs^tured and inserted in cutrendy believed that those designated MD4 and MD5, 

^>propriate locations in the electronic document. After all which are embodied in circuits commercially available from 

parties have signed the document, the IVansfer Agent cer- vendors identified above, and the U.S. government's pub- 

tifies the completion of the document's execution by invok- lishcd secure hash algorithm are suitably robust for use in 

ing his or her digital signamre and appcadm^ his or her Applicant's DAS. Of course, other hash functions can be 

certificate, using the Token. expected to become available as time passes. 

If an original paper document were desired, the electronic so The steps of digitally signing an electronic document 

document would be printed first The ps^cr document would (steps 2 and 6 depicted in HG. 7) and validating the digital 

then be placed on the stylus pad and tfie terminal's cursor signatures (step 4 in FIG. 7) are farther illustrated in FIG. 9. 

positioned to the corresponding place in the electronic The electronic document has appended to it one or more 

document This permits the capture and transfer of hand- digital signatures, which are created by using a signature 

written signatures during the actual signing of the paper 55 algorithm and the secret key(s) of tiie signatory(s) as 

document The electronic version is then an exact duplicate described in connection widi FIG. 8, and the certificate(s) of 

of the paper document the signatQry(s). As described above, each such certificate 

After local certification, the TVansfer Agent transmits the conveys the identity of the signatory, the signatory's public 

electronic document to the Authentication Onter in the tiiird signature/verification key, predetennined collateral informa- 

step of the process. The Authentication Cento* preferably 60 tion about the signatory, and the digitally signed message 

includes a high-volume utility server computer, having digest of the certificate. The format of these pertinent parts 

substantial storage c^»adty and backup capability, and is a of such a oertiflcate in acoordanoe with the X.509 Recom- 

secure and highly assured facility. The Authentication Cen- mendation diat would be employed by a user or the Certl- 

ter contains a sq>arate digital signature capability, one or fication Authority is illustrated in FIG. 10. 

more Tokens, and an accurate time base. 65 signature validation step, whidi would normally but 

When an electronic document is received, the authenticity not necessarily be carried out by the Authentication Center. 

andrightsofthelVansferAgentare validated bytheAuthen- con^mses decrypting the message digest appended to fte 
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document re-hashing the document to generate another 
message digest, and con^iaring the resulting message digest 
to the decrypted message digest The public signatured 
verification key found in the certificate signed by the Cer- 
tification Authority and appended to the document is used 
for decrypting the appended message digest If the two 
message digest values agree, the identity of Che individual 
named in the certificate can be asserted as the signatory of 
the document or other information object, and the integrity 
of the document is confirmed and guaranteed. An Au£en- 
tication Center attests to this result by itself digitally signing 
the document 

As shown in FIG. 11, a certificate of a user CTransfer 
Agent) or even of a Certification Authority is preferably 
digitally signed in substantially the same way that electronic 
documents are digitally signed, except that such a certificate 
is signed by authorities specifically en^wered to create 
certificates. Validation of a document*s digital signatures 
includes validation of 1hc public signatures of all Certifica- 
tion Authorities In a path between the signatory and a Root 
Authority, which is the most superior Certification Author- 
ity. The signatures of these Certification Authorities are 
loaded in the signatory's Token and appended to doctunents 
prepared with that Token. 

As illustrated by FIG. 12, the path from the signatory to 
the Root Authority may be considered part of an authenti- 
cation tree. The signatory's (user's) certificate is digitally 
signed by a Certification Aufliority whose own certificate 
(the CA Certificate) is signed by the Root Certification 
Authority. Since there is likely to be a plurality of Certifi- 
cation Authorities located on different branches of the 
authentication tree, it is only necessary to retrieve all Cer- 
tification Authority certificates along both branches until a 
common node is encountered, in order to authenticate a 
digital signature for an entity on a different branch of an 
authentication tree, and to verify the authenticities of the 
certificates up to the common node. 

It will be noted that the present description and drawings 
are illustrative only and that one of ordinary skill in the art 
would recognize that various modifications could be made 
without departing from the spirit or scope of (he present 
invention which Is to be limited only by the following 
claims. 

What is claimed is: 

1. A method of authenticatiiig an electronic document 
com{msing the stq>s of: 

signing the electronic document with a digital signature of 

a transfer agent; 
ap^nding a certificate to the electronic document by the 

transfer agent wherein the certificate relates a crypto- 

gr^bic key to an Identity of the transfer agent; 
af^lying a date stan^ and a time stamp to the electronic 

document; 

validating the digital signature and certificate of the 
transfer agent; 

signing the electronic document wift a second digital 
signature and i^jpending a second certificate to the 
electronic document signed with the second digital 
signature after the digital signature has been validated, 
wherein the second certificate relates a cryptographic 
key to the second digital signature; and 

staling in a facility identified by the second digital 
signature^ the document signed wi& the second digital 
signature and having the second certificate aj^nded 
such that (he facility assumes control of the doomaent 

2. An apparatus for authenticating an electronic 
document comprising: 
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means for signing the electronic document with a digital 

signature of a transfer agent; 
means for appending a certificate to the electronic 
document wherein the certificate relates a crypto- 
graiAic key to an identity of the transfer agent; 
means for applying a date stamp and a time stan^ to the 

electronic document; 
means for validating the digital signature and certificate; 
means for signing the electronic document with a second 
digital signature and for appending a second certificate 
to the electronic document signed with the second 
digital signature after the digital signature has been 
validated by the validating means, wherein the second 
certificate relates a cryptographic key to the second 
digital signature; and 
means, identified by the second digital signature, for 
storing the document signed with the second digital 
signature and having the second certificate appended 
such that the storing means assumes control of the 
document. 

3. A method of executing a transaction fay transferring an 
authenticated information object having a verifiable evi- 
dence trail, comprising the steps of: 

signing, by a first entity^ the information object with a first 

digital signature; 
£¥»pending, by the first entity, a first certificate to the 

information object wherein the first certificate relates 

at least an identity and a cryptographic key to the first 

entity; 

authenticating the information object signed with the first 
digital signature and having appended the first certifi- 
cate by a second entity, thereby forming an authenti- 
cated object, wherein the step of authenticating com- 
prises: 

validating the first digital signature and first certificate; 

applying a date stamp and a time stamp to the infor- 
mation object signed with the first digital signature 
and having appended the first certificate; and 

after the validating and applying steps, taking control 
of the validated stanq>ed information object by sign- 
ing the information object with a second digital 
signature of the second entity, appending a second 
certificate to the information object and storing the 
validated stamped information object signed with the 
second digital signature and having Ihe second cer- 
tificate appended as the authenticated object 
wherein the second certificate relates at least an 
identity and a cryptographic key to the second entity; 
and transfening the authenticated object to an ent^ 
in response to an instruction. 

4. The method of claim 3, wherein the transferring step 
comprises retrieving the stored authenticated object and 
providing the retrieved authenticated object to the entity in 
accordance with the instructioiL 

5. The method of daim 4, wherein the retrieved authen- 
ticated object is provided to eadi of a plurality of entities in 
accordance with the instruction. 

€. The method of claim 3, wherein each signing step 
oonqnises fiie st^ of applying a hash function to the 
information object to detennine a message digest and using 
the message digest with a secret cryptographic key of the 
respective one of ttie first and second entities to determine 
the respective digital signamre. 

7. The method of claim 6, wherein the validating step 
con^irises the step of using the digital signature with a 
public cryptographic key of tiie fint entity, and with another 
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message digest detennioed by applying the hash function to the second digital signature and having the second 

the infonnation object. certificate appended as authenticated objects, an 

8. Hie method of claim 3, further conning the step of authenticated object stored in the memay is trans- 
maintaimng a log relating to the au&enticated object so as f^a^le in response to an instruction, and the second 
r^'S^S'*"' " ' ceitificate relates at least an identity and a cTypt<v 

9. The metfiod of claim 8, wherein a subsequent infor- „ Jf^^*^ key to the second entity. 

mation object is signed by a third digital signature of a third ^paratus of claim 10, wherein eadi signing 

entity, means comprises a processor for applying a hash function to 

10. An q^>aratus for executing a transaction by transfer- lo infonnation object to determine a message digest and for 
ring an authenticated information object having a verifiable using the message digest with a secret cryptographic key of 
evidence trail comprising: the respective one of flie first and second entities to deter- 
first means for signing, by a first entity, the infonnation mine the respective digital signature. 

object with a first digital signature and for ^pending, 12. The apparatus of claim 11, wherein the signing means 

by the first entity, a first certificate to the information i5 electronic circuit card. 

object, wherein the first certificate relates at least an 13. The ^aratus of daim 11, wherein the validating 

identity and a cryptographic key to the first entity; and comprises a processor for using the digital signature 

means fox authenticating an information object signed ^ public cr>ptographic key of the first entity, and with 

'^^^'^^f^''^'^^' 20 a-^^thcr message digest determined by applying the hash 

fir^a^catebjMsecondenh^^ function to the infoLition objed. 

™w ^ Buthenucatmg means ^h^ { ^^^^ authenticated 

conmnses: ^ • ^ j . , , , , 

means for vaUdating the first digital signature and first T ^T^i" w"^^ fee instruction ^ reinev- 

cgj^igj^g. e ing flie authenticated object from the memory a plurality of 

a date stan^ and a time stan^ for appUcation to an " times and providing the retrieved authenticated objects to a 

information object signed with the first digital sig- Plurality of entities. 

nature and having appended the first certificate; and apparatus of daim 10, wherein fee aufeenticating 

means for controlling a validated stamped information means furfeer conqjrises a log relating to aufeenticated 

object, wherein the controlling means conqirises objects and identifying at least one subsequent information 

second means for signing an infonnation <^ject wife ^ object rdated to the transaction and stored in fee memory. 

a second digital signature of fee second entity and f^ 16. The apparatus of claim 15, wherein a subsequent 

appending a second certificate to fee information information object is signed by a third digital signature of a 

object, and a memory; third entity, 
wherein fee memoiy includes storage locations for 

validated stamped informatioo objects signed wife * * 0 * 
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RELATED PROCEEDINGS APPENDIX 

Appellant is not aware of any related appeals, interferences or judicial proceedings. 
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